New in 2014 — Certificate Management for All Users, Organizations
As we evolve from the Entrust Certificate Management Service (CMS) to Entrust IdentityGuard Cloud Services SSL, it’s important to understand changes that could affect some customers. Any new or current customers who purchase four or fewer Entrust certificates online now have access to all the capabilities and features of Entrust IdentityGuard Cloud Services SSL. With [Read More...]
Same Services, New Names
The introduction of Entrust IdentityGuard Cloud Services presents an innovative consolidation of Entrust’s most popular and reliable security solutions. This evolution also brings about changes to the names of some of your favorite products. To simplify these changes, please review the following chart to see how the name changes could affect you and your organization. [Read More...]
Self-Signed Certificates don’t deliver Trust
We’ve heard the argument that website operators could just use self-sign certificates. They are easy to issue and they are “free.” Before issuing self-signed certificates, it’s a good idea to examine the trust and security model. You should also compare self-signed certificates to the publicly trusted certification authority (CA) model; and then make your own decision.
RC4, CBC, what the …?
BEAST & Lucky Thirteen attacks said, “Prioritize RC4 cipher suite.” AlFBPPS attack said, “RC4 is old and crummy. CBC-mode would be better.”
Mozilla Endorses SSL Baseline Requirements
The CA/Browser Forum SSL Baseline Requirements have been endorsed by Mozilla and have been included in their certificate authority (CA) certificate policy.
TURKTRUST Unauthorized CA Certificates
Although unrelated to Entrust, I thought you might be interested in the news about TURKTRUST.
Should You Use SHA-2?
A common question we receive from certificate customers: should we ask Entrust to sign our certificate with a signature using the SHA-2 hashing algorithm?
Certificate Transparency Birds of a Feather
I was recently reminded by a couple of security researchers that SSL provides privacy, integrity and authenticity.
Certificate Key Lengths: Bigger is Better
As previously discussed, Microsoft issued a security advisory announcing they will block keys that are less than 1024 bits long. This feature will appear in an update for supported versions of Microsoft Windows (not affecting Windows 8 or Windows Server 2012; the functionality is already there) and, of course, you have to upgrade to this [Read More...]
Microsoft to ban keys less than 1024-bits
For those of you who do not maintain the size of your keys for digital certificates, you’re about to have some problems. Microsoft is not a proponent of small-sized digital keys. Their Windows Root Certificate Program does not allow CAs to issue certificates with keys less than 1024-bits RSA and deprecates keys that are less [Read More...]