The CA/Browser Forum has approved Ballot CSC-13, which aims to increase the protection of code signing certificate private keys. The…
Entrust hosts a time-stamp authority (TSA) to support our customers who digitally sign data such as code and documents. When…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends, and opinions from the industry. PKI Consortium PKI…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends, and opinions from the industry. Entrust Apple Changes…
The Entrust monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from the industry. Entrust 2022 –…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends, and opinions from the industry. Entrust New Requirement…
In November 2021, we posted that Apple set the validity period of S/MIME certificates to 825 days. On February 1,…
Looking back at 2021 In 2021, HTTPS was everywhere and use of the TLS 1.3 protocol continued to grow. With…
In June 2021, the CA/Browser Forum passed ballot SC47 to remove the organization unit (OU) field from all public trust…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Discussing Wildcard…
At the October 2021 CA/Browser virtual face-to-face conference, Apple advised of updates to their root certificate program. The updates included…
Marcus Brinkmann presented the Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication (ALPACA) attack at Black Hat USA…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. F5 Market Screener…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Let’s Encrypt Root…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. PKI Consortium Increasing…
The Entrust monthly SSL review covers TLS/SSL discussions – recaps, news, trends, and opinions from the industry. Entrust Gmail support…
The Entrust monthly SSL review covers TLS/SSL discussions – recaps news, trends, and opinions from the industry. CA/Browser Forum Ballot…
The Entrust monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from the industry. Entrust Learn what…
The Entrust monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from the industry. CA/Browser Forum Domain…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Cloudflare announces Heartbleed Revisited…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Certificate Transparency Google announces…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Looking Back at…
Signing certificates are used to validate a signature on code or a document. As we look ahead to the future…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Kazakhstan MITM Certificate Mozilla…
2020 felt more like a maintenance year in the SSL/TLS ecosystem. Other than the certificate validity period changing from 825-days…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust How the Changes…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Chrome Root Program and…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust TLS Protocol 1.2…
Recently, a team of researchers discovered a vulnerability with all versions of the SSL and TLS 1.2 and prior protocols…
Entrust’s monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from the industry. 398-Day Certificate Validity Apple…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Why Google’s…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Datacard Frost…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from the industry. Entrust Datacard Best…
Entrust Datacard’s monthly SSL review covers TLS/SSL discussions – recaps news, trends and opinions from the industry. Apple on 398-day…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions – recaps news, trends and opinions from the industry. Entrust Datacard Apple…
At the 49th meeting of the CA/Browser Forum held in February 2020, Apple announced that they are changing their root…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. CA Security Council…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Datacard The…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Datacard Chrome…
In a phased approach, Chrome plans to block mixed content on secure websites to improve user security. Most browsers already block…
CASC Paul Walsh provides a great blog about The Insecure Elephant in the Room and browser based UI Patrick Nohe hashes out Online…
Entrust Datacard The Value of EV Certificates Remains Regardless of Changes to the EV Indicator in Major Browsers Shortening Validity…
CASC … 9 Common Myths About CAs Shortening Validity Period of SSL/TLS Certificates … Web body mulls halving HTTPS cert…
CASC The Advantages of Short-Lived SSL Certificates for the Enterprise Bulletproof TLS Newsletter #55 Kazakhstan intercepts TLS traffic Hashedout provides input…
CASC What the Latest Firefox Update Means for SSL Certificates What Are Subordinate CAs and Why Would You Want Your…
The Entrust Datacard monthly SSL review covers SSL/TLS discussions with a recap of news, trends and opinions from the industry….
Several years ago, I wrote “Is it SSL, TLS or HTTPS?” This was a simple blog to talk about the…
Entrust Datacard provides information on TLS 1.3 and phone domain name validation methods: TLS 1.3, Less is More Phone Domain Name…
Public and private trust certificates are types of SSL/TLS certificates that are formatted to suit different use cases. Entrust Datacard…
The CA/Browser Forum continues to update the validation methods used for issuing SSL/TLS certificates to improve security. The latest, Ballot 7,…
The CA/Browser Forum continues to improve domain name validation for SSL/TLS certificates. Following new methods to verify domain names using emails…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Datacard ……
Increases in both performance and security are what can be expected as TLS 1.3 takes a less is more approach…
In 2018, the CA/Browser Forum held a domain validation summit to review the approved domain validation methods. The meeting covered…
In November 2018, the CA Browser Forum voted to sunset the use of underscore characters in the domain names of SSL/TLS…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. CA Security Council……
Looking Back at 2018 2018 was an active year for SSL/TLS. We saw the SSL/TLS certificate validity period drop to…
Certification Authority Authorization (CAA) is a method for a domain owner to permit one or more certification authorities (CAs) to…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Datacard… Major…
In an unprecedented move for the SSL/TLS ecosystem, the four major browsers have uniformly announced that they will deprecate TLS…
Public trust SSL/TLS certificates assert an association between a domain name and a public key. The domain name may be…
Entrust Datacard … The tipping point for HTTPS is closing in. Marketers, are you ready? Apple Will Soon Require Certificate…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust…
Through 2017 and into 2018, we have seen the use of HTTPS grow substantially. Last fall, Google announced the following…
Entrust Datacard supports SSL Server Testing as part of our best practices approach to certificate management. This free, web-based service tests server…
The Internet ecosystem has been working towards Chrome’s requirement for certificate transparency (CT) for all SSL/TLS certificates in April 2018….
Looking Back at 2017 2017 saw the end of SHA-1 in public trust SSL/TLS certificates and the start of Certification…
The Return Of Bleichenbacher’s Oracle Threat (ROBOT) attack takes advantage of an old vulnerability discovered by Daniel Bleichenbacher in 1998. We have previously seen…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Datacard ……
Originally, there were just seven generic top level domains (gTLDs) and a couple hundred country code TLDs (ccTLDs). In 2012, ICANN announced…
Return of Coppersmith’s Attack (ROCA) is a vulnerability in the generation of RSA keys used by a software library adopted in cryptographic…
Public Key Pinning was a great idea at first. Google used static public keys to protect their websites. In doing so,…
Chrome currently issues a “Not secure” browser warning for pages accepting password and/or credit card data that are not protected…
Entrust’s monthly SSL review covers SSL/TLS discussions – recaps news, trends and opinions from the industry. Entrust and CA Security…
Google just announced they will not be enforcing certificate transparency (CT) logging for all new TLS certificates until April 2018. In…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions – recaps news, trends and opinions from the industry. Entrust Identity ON:…
Entrust Datacard made the decision to stop issuing any type of public trust certificates using the SHA-1 hashing algorithm to…
The CA/Browser Forum has taken a progressive step by reducing SSL/TLS certificate lifetimes from 39 months (~1185 days) to 27…
Certification Authority Authorization (CAA) allows a domain owner to specify in their DNS or DNSSec which Certification Authority (CA) is…
Code Signing is a cryptographic process to digitally sign executables and scripts. The signature confirms the software author or publisher’s…
Looking Back at 2016 Fortunately, 2016 was not a year full of SSL/TLS vulnerabilities. Although some researchers did prove old cryptography…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions – recaps news, trends and opinions from the industry. Entrust Identity ON:…
Google announced the requirement for Certificate Transparency for all new SSL/TLS certificates in October 2017. This requirement means that Chrome will…
The Long Life Certificate – Why It Doesn’t Exist Why is certificate expiration even necessary? Wouldn’t it be better if…
How would you know if there have been any unauthorized SSL certificates issued for your domain? How can you protect…
Security is one driving factor in the evolution of technology. Here’s a timeline showing how the history of SSL/TLS and…
Mozilla has released a new website, Observatory, to help developers, system administrators, and security professionals configure their websites safely and…
Always-On SSL should be deployed to prevent the “Not secure” warning Website owners who do not secure their website with…
Google is making security icon changes in the Chrome status bar. The changes are based on a research paper prepared…
Details surrounding the SWEET32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN can be found in the paper…
At Black Hat USA 2016, doctoral candidates Mathy Vanhoef and Tom Van Goethem presented HEIST, an SSL/TLS vulnerability. HEIST is short…
It is time for an update on the Baseline Requirements for Code Signing. First the bad news, the new standard…
Emerging vulnerabilities underscore the argument for creating a safer Internet for everyone including domain owners by using HTTPS Everywhere, as…
Entrust’s monthly SSL review covers SSL/TLS discussions – recaps news, trends and opinions from the industry. Entrust and CA Security…
We have been receiving some questions about Certificate Transparency. The main question is should non-EV SSL/TLS certificates be registered in a…
A team of researchers has announced a vulnerability with SSL 2.0 called Decrypting RSA with Obsolete and Weakened eNcryption; otherwise known as DROWN. SSL 2.0 is a…
I probably missed a Google blog, but when I was checking the details of a TLS certificate with Chrome, I…
Entrust provides security beyond the TLS certificate. We are a strong supporter of the CA/Browser Forum standards and also support…
On January 1, 2016, the public trust certification authorities (CAs) will stop issuing SHA-1 signed SSL/TLS certificates. What will happen?…
Looking Back at 2015 A number of new tactics proved 2015 was no exception to an active year defending against…
Entrust’s monthly SSL review covers SSL/TLS discussions – recaps news, trends and opinions from the industry. Entrust and CA Security…
Research indicates that SHA-1 signed SSL/TLS certificates face increasing vulnerabilities forcing leading browsers to reconsider how long they will support…
In June 2015, the US chief information security officer (CIO) issued a memorandum to mandate HTTPS-only to secure Federal websites…
I had the opportunity to review a verification issue last week, and it had me thinking of the value of…
OpenSSL has announced a high severity vulnerability, CVE-2015-1793 which will require an upgrade to some OpenSSL installations. The vulnerability was…
You have a dilemma. You want to continue to deploy your web service but are running out of IPv4 addresses….
Entrust’s monthly SSL review covers SSL discussions – recaps news, trends and opinions from the industry. Entrust and CA Security…
As of April 1st, 2015, the lifetime of SSL certificates has now been reduced to 39 months, in accordance with…
As we have stated previously, website owners have a concern that an attacker can have a certificate issued for their…
The approval of HTTP/2 by the Internet Engineering Steering Group (IESG) back in mid-February marked the next major version of the network…
Comodo issued an SSL certificate for live.fi. The issue is the certificate requester did not own or control the live.fi…
With the news of Superfish, Komodia and PrivDog, there has been some interesting discussion on private trust and HTTPS…
Almost 20 years ago, the first publicly trusted certification authorities (CAs) began generating their root keys and root certificates, which…
FREAK is a new man-in-the-middle (MITM) vulnerability discovered by a group of cryptographers at INRIA, Microsoft Research and IMDEA. FREAK stands…
When Google Chrome 41 is released, it will treat certificate chains using SHA-1 which are valid past January 1, 2017…
This post was originally published on the CA Security Council blog. Looking Back at 2014 End of 1024-bit Security In…
As we move into 2015, you will start to see Certificate Transparency deployed on EV SSL certificates. Google has required that as of January…
December 03, 2014 By Bruce Morton Entrust’s monthly SSL review covers SSL discussions – recaps news, trends and opinions from…
In 2005, it was discovered that the secure hash algorithm SHA-1 wasn’t as strong as it was initially thought to be, according…
This post was originally published on the CA Security Council blog. Is your website secure? One thing to consider is…
Lately, SSL has come under fire and users may be under the impression that, perhaps, there is a problem with…
Google announced on September 5, 2014, that Chrome will sunset SHA-1 by providing security warnings through the popular browser. SHA-1 is a secure…
We are now moving into the deployment of the Internet of Things (IoT). IoT is an attempt to attach uniquely identifiable…
Over the last few years, we’ve witnessed publicly trusted SSL certificates issued to domain names that were not authorized. These…
On July 2, Google became aware of fraudulent certificates that were incorrectly issued to Google-owned domain names. The certificates were issued by…
This post was originally published by on the CA Security Council blog. With the announcement of the Heartbleed bug and the…
In 2014, there will be a trend for website owners to implement TLS 1.2 on their servers. TLS 1.2 was defined in…
A recent article by the Microsoft malware protection center, “Be a real security pro – Keep your private keys private,”…
This post was originally published by Bruce Morton & Erik Costlow on the CA Security Council blog. We have recently discussed the…
This post was originally published on the CA Security Council blog. Internet Surveillance The big news at IETF 88 in Vancouver…
This post was originally published on the CA Security Council blog. Code signing certificates from publicly trusted Certification Authorities (CAs) fulfill…
Entrust completed an internal test recently and was surprised by a warning from Google Chrome version 30. The test case…
We always discuss SSL deployment best practices. These are the actions the Web server administrator takes. These are important to discuss,…
Are you an SSL certificate owner that has SSL certificates that protect non-registered domains? What are non-registered domains? Well, let’s…
The Internet Corporation for Assigned Names and Numbers (ICANN) is currently approving many generic top-level domains (gTLDs). What are gTLDs?…
First, I would like to thank Ivan Ristic for his development of the SSL/TLS deployment Best Practices document. This is…
Watchers of the SSL industry follow SSL protocol attacks such as BEAST, CRIME, Lucky 13 and RC4 closely. They also track the rare certification authority (CA)…
This post was originally published on the CA Security Council blog. The current browser-certification authority (CA) trust model allows a website…
This certificate is sometimes called unified communications certificate (UCC), multi-domain certificate or multi-SAN certificate. In this posting, we will call…
Certification authorities (CA) have always been compliance-minded and have historically imposed third-party audits upon themselves. The CAs disclose their requirements…
In the last few months, I have been reading blog posts (e.g., Google and Evernote) about certificate subscribers changing their keys from 1024-bit…
This post was originally published on the CA Security Council blog. There is an industry myth that certification authorities (CAs) are…
The PayPal information risk management team warns that the introduction of new generic top-level domains, or gTLDs, could impact security. For many…
Congratulations, Mozilla, on your plan to release Firefox 23 that will block mixed content. Website owners who have mixed-content pages will…
Are your secure SSL communications being compromised by a man-in-the-middle (MITM) attack? This issue came up when it was discovered…
We had the BEAST attack and it was said, “Prioritize RC4 cipher suite.” We had the Lucky Thirteen attack and it was said again, “Prioritize…
At the IETF 86 meeting in Orlando last week, there was a working group meeting discussing the operations of the…
As part of its effort to promote SSL certificate best practices, the CA Security Council (CASC) has offered a couple of blogs…
The CA/Browser Forum SSL Baseline Requirements have been endorsed by Mozilla and have been included in their certificate authority (CA)…
We were monitoring the performance of our OCSP service over the weekend and found an odd dip. In this case,…
What happens to signed code when the code signing certificate expires? In many cases, an expired certificate means that the…