Tag Archives: Root certificate

Mozilla Endorses SSL Baseline Requirements

February 27, 2013 by Bruce Morton     2 Comments

The CA/Browser Forum SSL Baseline Requirements have been endorsed by Mozilla and have been included in their certificate authority (CA) certificate policy.

Adobe Code-Signing Certificate Compromised

October 3, 2012 by Bruce Morton     No Comments

Adobe announced they received two malicious utilities signed by a valid Adobe code-signing certificate. The code-signing certificate was compromised through an attack on their code-signing system. The code-signing certificate will be revoked on October 4, 2012, and will impact all code being signed after July 12, 2012. A supporting security advisory has been issued. The [Read More...]

Certificate Transparency

August 17, 2012 by Bruce Morton     3 Comments

I mentioned in an earlier blog, about certification authority authorization (CAA), that one of the issues of having many public CAs is that any or all can issue SSL certificates for any domain. Certificate Transparency (CT) is another proposed method to resolve this issue. The draft CT specification states the following goals: The goal is [Read More...]

Understanding SSL

August 7, 2012 by Bruce Morton     No Comments

Just thought I would let you know about a podcast called Sophos Techknow – Understanding SSL. Hopefully there won’t be much new for the regular readers of this blog, but the information may be valuable for those new to the SSL industry. I did want to make note of a few things. The podcasters discuss [Read More...]

Code Signing: Best Practices

July 27, 2012 by Bruce Morton     1 Comment

The biggest issue with code signing is the protection of the private signing key associated with the code signing certificate. If the key gets compromised, then your certificate is worthless. A compromised key may also jeopardize the software that you have already signed. Here are some best practices for code signing: 1. Minimize access to private [Read More...]

Microsoft to ban keys less than 1024-bits

June 15, 2012 by Bruce Morton     No Comments

For those of you who do not maintain the size of your keys for digital certificates, you’re about to have some problems. Microsoft is not a proponent of small-sized digital keys. Their Windows Root Certificate Program does not allow CAs to issue certificates with keys less than 1024-bits RSA and deprecates keys that are less [Read More...]