Tag Archives: WebTrust

Do You Need SHA-2 Signed Root Certificates?

April 4, 2014 by Bruce Morton

We have discussed the SHA-1 deprecation policy and why you should move to SHA-2. The certification authorities (CAs) have provided methods to have your certificates issued and signed using a SHA-2 hashing algorithm. As we move ahead, you will see the CAs changing the default signing algorithm from SHA-1 to SHA-2. It’d be sound strategy [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: root certificates, SHA-1, SHA-2

Your Audit Report has Expired

March 27, 2014 by Bruce Morton

Here is an interesting theme of questions we receive all the time. Why has your CA audit report expired? Or, when will your audit report be brought up to date? The answer? The audit report is up to date and a new audit report will be provided within three months of the end of the [Read More...]

Filed Under: SSL Tagged With: CAB Forum, SSL, WebTrust

CAs Being Audited to Baseline Requirements

August 1, 2013 by Bruce Morton

Certification authorities (CAs) have always been compliance-minded and have historically imposed third-party audits upon themselves. The CAs disclose their requirements through a certificate policy (CP) document or certification practice statement (CPS). In these documents they state that they will be audited by a third party to meet these requirements. Historically, the CAs had to choose [Read More...]

Filed Under: EV SSL, SSL Tagged With: CA/Browser Forum, WebTrust

CAs Support Standards and Regulations

May 20, 2013 by Bruce Morton

There is an industry myth that certification authorities (CAs) are not regulated. In fact, publicly trusted SSL CAs support the development of industry regulations and have been audited annually to ensure compliance with the many requirements.

Self-Signed Certificates don’t deliver Trust

April 4, 2013 by Bruce Morton

We’ve heard the argument that website operators could just use self-signed certificates. They are easy to issue and they are “free.” Before issuing self-signed certificates, it’s a good idea to examine the trust and security model. You should also compare self-signed certificates to the publicly trusted certification authority (CA) model, and then make your own decision.

Mozilla Endorses SSL Baseline Requirements

February 27, 2013 by Bruce Morton

The CA/Browser Forum SSL Baseline Requirements have been endorsed by Mozilla and have been included in their certificate authority (CA) certificate policy.