Security Focus: It’s What’s Behind the Seal That Matters
In my last post, I briefly discussed a survey Entrust commissioned to understand the effect trust seals have on online transaction behavior. Coincidentally, I discovered an article in IEEE Security & Privacy magazine about a similar survey the magazine conducted. Security-related items were one of eight different factors the survey identified that affected the participants’ [Read More...]
Survey: Site Seals vs Reliable Security – Which is Most Important?
There is a lot of hype right now about a major player in the SSL security space “rebranding” itself as the go-to SSL provider. But hype and big brand names alone shouldn’t influence security buying decisions. While this sounds logical, too many companies and organizations pay a premium for an over-marketed SSL trust seal. Entrust [Read More...]
Google Rethinks Revocation
Google has decided in Chrome that they’re going to take a different approach to certificate revocation. Chrome developer Adam Langley describes the decision in detail in his blog, Imperial Violet. Unlike a number of CAs, we think this is a pretty good idea, even if incompletely executed so far. Revocation is a difficult task. It [Read More...]
Ensuring Compliance with Security Policy
If you are in the IT business, chances are you are subject to compliance and some form of security policy. One example our customers run into is ensuring they are moving from a 1024-bit key size to 2048-bit key sizes in their certificates. While most companies should have a policy in place to ensure they are only purchasing 2048-bit certificates, most are unable to ensure only purchasing-approved certificates are introduced into their environment. This may occur for the following reasons…
How Do I Find & Inventory My Certificates?
In previous posts, I’ve discussed why you’d want to inventory your certificates. Now let’s discuss how you can inventory your certificates.
Historically, we’ve found a lot of prospective customers using a spreadsheet to maintain a listing of certificates, owners and expiry dates. There are problems with this approach: data is manually collected; information becomes outdated quickly; often data that is required is not collected at all; and it’s also challenging to receive reliable email notifications from a spreadsheet.
Top 3 Certificate Management Issues
I’ve spent a tremendous amount of time talking to customers about certificate management, and their certificate management problems consistently boil down to the following three issues:
1. Certificates Expiring Unexpectedly
Application owners lie awake at night worrying that an application will go down or be otherwise inaccessible, and there’s any number of reasons why this could occur. Do you identify with any of these?
What Are the Best Methods of Simplifying SSL Certificate Management?
This is the first entry in a five-part series that focuses specifically on SSL certificate management. Throughout the series, we’ll focus on the most popular challenges we hear from customers. When the series is completed, this post will be used as an index to all other related blogs entries.