Tag Archives: OCSP stapling

OCSP Stapling

February 24, 2014 by Bruce Morton     1 Comment

Digital certificate status is provided by the certificate revocation list (CRL) and online certificate status protocol (OCSP). The CRL is a list of all certificates that have been revoked. If the serial number is not on the list it is assumed to be good. OCSP provides a response for all certificates. In layman’s terms, the [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: OCSP, OCSP stapling, RFC 5019

Always-On SSL

February 6, 2014 by Bruce Morton     2 Comments

Always-On SSL is an approach to securing your website to mitigate attacks against your users. When I think of Always-On SSL, I think of three concepts: SSL across your entire site, SSL deployed to the best practices, and SSL with leading technology. SSL across Your Entire Site The approach to Always-On SSL is to avoid [Read More...]

Filed Under: EV SSL, SSL, SSL Deployment Tagged With: EV SSL, HSTS, OCSP stapling

Certificate Authority Security Council

February 14, 2013 by Bruce Morton     No Comments

Today, the leading global certification authorities (CA) launched the Certificate Authority Security Council (CASC). The CASC is made up of publicly trusted CAs that issue SSL certificate to protect more than 95 percent of the global websites.

Digital Certificate Revocation – What the Future Holds

April 19, 2012 by Tim Moses     No Comments

When you tell people that revocation doesn’t work, they tend to look at you incredulously: “You’ve got all these solutions: full CRLs, CRL distribution points, delta-CRLs, indirect CRLs, OCSP, stapled OCSP. Surely one of those will work.” That’s the problem, right there. There are so many protocol and configuration choices that no two products or [Read More...]