Use of Certification Authority Authorization (CAA) was mandated for TLS certificates in September 2017. The…
In a previous blog we introduced Digital Certificate Linting. It is interesting how certification authorities…
The Entrust monthly digital certificates review covers a range of topics including — news, trends,…
The Entrust monthly digital certificates review covers a range of topics including news, trends, and…
The Entrust monthly digital certificates review covers a range of topics including news, trends, and…
My recollection of certificate linting goes back to 2016. Linting started happening to most public…
The CA/Browser Forum released Ballot CSC-18 to update the code signing certificate revocation requirements in…
The Entrust monthly SSL review covers TLS/ SSL discussions — recaps, news, trends, and opinions…
After more than 10 years, short-lived TLS certificates are finally permitted by the browsers based…
The Entrust monthly SSL review covers TLS/SSL discussions — recaps, news, trends, and opinions from…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps, news, trends and opinions from…
The Entrust monthly SSL review covers TLS/SSL discussions — recaps, news, trends, and opinions from…
At the most recent CA/Browser Forum (CABF) meeting in late February, Google announced its Moving…
The Entrust monthly SSL review covers TLS/SSL discussions — recaps, news, trends, and opinions from…
The Entrust monthly SSL review covers TLS/SSL discussions — recaps, news, trends, and opinions from…
The CA/Browser Forum has approved Ballot SC61 with directions as to which certificate revocation lists…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps, news, trends, and opinions from…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps, news, trends, and opinions from…
The Entrust monthly SSL review covers TLS/SSL discussions — recaps, news, trends, and opinions from…
In 2020 the CA/Browser Forum created the S/MIME Certificate Working Group with the following charter….
The Entrust monthly SSL review covers TLS/SSL discussions — recaps, news, trends, and opinions from…
The Entrust monthly SSL review covers TLS/SSL discussions — recaps, news, trends, and opinions from…
The CA/Browser Forum has approved Ballot CSC-13 and has updated the effective date with Ballot…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
The Entrust monthly SSL review covers TLS/SSL discussions — recaps news, trends, and opinions from…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
Entrust hosts a time-stamp authority (TSA) to support our customers who digitally sign data such…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends, and opinions from…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends, and opinions from…
The Entrust monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends, and opinions from…
In November 2021, we posted that Apple set the validity period of S/MIME certificates to…
Looking back at 2021 In 2021, HTTPS was everywhere and use of the TLS 1.3…
In June 2021, the CA/Browser Forum passed ballot SC47 to remove the organization unit (OU)…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
At the October 2021 CA/Browser virtual face-to-face conference, Apple advised of updates to their root…
Marcus Brinkmann presented the Application Layer Protocol Confusion-Analyzing and Mitigating Cracks in TLS Authentication (ALPACA)…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
The Entrust monthly SSL review covers TLS/SSL discussions – recaps, news, trends, and opinions from…
The Entrust monthly SSL review covers TLS/SSL discussions – recaps news, trends, and opinions from…
The Entrust monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from…
The Entrust monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the…
Signing certificates are used to validate a signature on code or a document. As we…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the…
2020 felt more like a maintenance year in the SSL/TLS ecosystem. Other than the certificate…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the…
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the…
Recently, a team of researchers discovered a vulnerability with all versions of the SSL and…
Entrust’s monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from the…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from…
Entrust Datacard’s monthly SSL review covers TLS/SSL discussions – recaps news, trends and opinions from…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions – recaps news, trends and opinions from…
At the 49th meeting of the CA/Browser Forum held in February 2020, Apple announced that…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
In a phased approach, Chrome plans to block mixed content on secure websites to improve…
CASC Paul Walsh provides a great blog about The Insecure Elephant in the Room and browser based…
Entrust Datacard The Value of EV Certificates Remains Regardless of Changes to the EV Indicator…
CASC … 9 Common Myths About CAs Shortening Validity Period of SSL/TLS Certificates … Web…
CASC The Advantages of Short-Lived SSL Certificates for the Enterprise Bulletproof TLS Newsletter #55 Kazakhstan…
CASC What the Latest Firefox Update Means for SSL Certificates What Are Subordinate CAs and…
The Entrust Datacard monthly SSL review covers SSL/TLS discussions with a recap of news, trends…
Several years ago, I wrote “Is it SSL, TLS or HTTPS?” This was a simple…
The Entrust Datacard monthly SSL review covers SSL/TLS discussions with a recap of news, trends…
The Entrust Datacard monthly SSL review covers SSL/TLS discussions with a recap of news, trends…
Entrust Datacard provides information on TLS 1.3 and phone domain name validation methods: TLS 1.3, Less…
Public and private trust certificates are types of SSL/TLS certificates that are formatted to suit…
The CA/Browser Forum continues to update the validation methods used for issuing SSL/TLS certificates to…
The CA/Browser Forum continues to improve domain name validation for SSL/TLS certificates. Following new methods…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
Increases in both performance and security are what can be expected as TLS 1.3 takes…
In 2018, the CA/Browser Forum held a domain validation summit to the review the approved domain…
In November 2018, the CA Browser Forum voted to sunset the use of underscore characters in…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
Looking Back at 2018 2018 was an active year for SSL/TLS. We saw the SSL/TLS…
Certification Authority Authorization (CAA) is a method for a domain owner to permit one or…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
In an unprecedented move for the SSL/TLS ecosystem, the four major browsers have uniformly announced…
Public trust SSL/TLS certificates assert an association between a domain name and a public key….
Entrust Datacard … The tipping point for HTTPS is closing in. Marketers, are you ready?…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
Through 2017 and into 2018, we have seen the use of HTTPS grow substantially. Last…
Entrust Datacard supports SSL Server Testing as part of our best practices approach to certificate management. This…
The Internet ecosystem has been working towards Chrome’s requirement for certificate transparency (CT) for all…
Looking Back at 2017 2017 saw the end of SHA-1 in public trust SSL/TLS certificates…
The Return Of Bleichenbacher’s Oracle Threat (ROBOT) attack takes advantage of an old vulnerability discovered by Daniel Bleichenbacher in…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from…
Originally, there were just seven generic top level domains (gTLDs) and a couple hundred country code TLDs…
Return of Coppersmith’s Attack (ROCA) is a vulnerability in the generation of RSA keys used by a…
Public Key Pinning was great idea at first. Google used static public keys to protect…
Chrome currently issues a “Not secure” browser warning for pages accepting password and/or credit card…
Entrust’s monthly SSL review covers SSL/TLS discussions “” recaps news, trends and opinions from the…
Google just announced they will not be enforcing certificate transparency (CT) logging for all new TLS…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions “” recaps news, trends and opinions from…
Entrust Datacard made the decision to stop issuing any type of public trust certificates using…
The CA/Browser Forum has taken a progressive step by reducing SSL/TLS certificate lifetimes from 39…
Certification Authority Authorization (CAA) allows a domain owner to specify in their DNS or DNSSec…
Code Signing is a cryptographic process to digitally sign executables and scripts. The signature confirms…
Looking Back at 2016 Fortunately, 2016 was not a year full of SSL/TLS vulnerabilities. Although some…
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions “” recaps news, trends and opinions from…
Google announced the requirement for Certificate Transparency for all new SSL/TLS certificates in October 2017. This…
The Long Life Certificate – Why It Doesn’t Exist Why is certificate expiration even necessary?…
How would you know if there have been any unauthorized SSL certificates issued for your…
Security is one driving factor in the evolution of technology. Here’s a timeline showing how…
Mozilla has released a new website, Observatory, to help developers, system administrators, and security professionals…
Security is one driving factor in the evolution of technology. Here’s a timeline showing how…
Always-On SSL should be deployed to prevent the “Not secure” warning Website owners who do…
Google is making security icon changes in the Chrome status bar. The changes are based…
Details surrounding the SWEET32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN can…
At Black Hat USA 2016, doctoral candidates Mathy Vanhoef and Tom Van Goethem presented HEIST, an…
It is time for an update on the Baseline Requirements for Code Signing. First the…
Emerging vulnerabilities underscore the argument for creating a safer Internet for everyone including domain owners…
Entrust’s monthly SSL review covers SSL/TLS discussions “” recaps news, trends and opinions from the…
We have been receiving some questions about Certificate Transparency. The main question is should non-EV SSL/TLS…
A team of researchers has announced a vulnerability with SSL 2.0 called Decrypting RSA with Obsolete and Weakened eNcryption; otherwise known…
I probably missed a Google blog, but when I was checking the details of a…
Entrust provides security beyond the TLS certificate. We are a strong supporter of the CA/Browser…
On January 1, 2016, the public trust certification authorities (CAs) will stop issuing SHA-1 signed…
Looking Back at 2015 A number of new tactics proved 2015 was no exception to…
Entrust’s monthly SSL review covers SSL/TLS discussions “” recaps news, trends and opinions from the…
Research indicates that SHA-1 signed SSL/TLS certificates face increasing vulnerabilities forcing leading browsers to reconsider…
In June 2015, the US chief information security officer (CIO) issued a memorandum to mandate…
I had the opportunity to review a verification issue last week, and it had me…
OpenSSL has announced a high severity vulnerability, CVE-2015-1793 which will require an upgrade to some…
You have a dilemma. You want to continue to deploy your web service but are…
Entrust’s monthly SSL review covers SSL discussions “” recaps news, trends and opinions from the…
As of April 1st, 2015, the lifetime of SSL certificates has now been reduced to…
As we have stated previously, website owners have a concern that an attacker can have…
The approval of HTTP/2 by the Internet Engineering Steering Group (IESG) back in mid-February marked the next…
Comodo issued an SSL certificate for live.fi. The issue is the certificate requester did not…
With the news of Superfish, Komodia and PrivDog , there has been some interesting discussion…
Comodo issued an SSL certificate for live.fi. The issue is the certificate requester did not…
Almost 20 years ago, the first publicly trusted certification authorities (CAs) began generating their root…
FREAK is a new man-in-the-middle (MITM) vulnerability discovered by a group of cryptographers at INRIA, Microsoft…
When Google Chrome 41 is released, it will treat certificate chains using SHA-1 which are…
This post was originally published on the CA Security Council blog. Looking Back at 2014 …
As we move in 2015, you will start to see Certificate Transparency deployed on EV SSL certificates. Google…
December 03, 2014 By Bruce Morton Entrust’s monthly SSL review covers SSL discussions “” recaps…
In 2005, it was discovered that the secure hash algorithm SHA-1 wasn’t as strong as it was…
This post was originally published on the CA Security Council blog. Is your website secure?…
Lately, SSL has come under fire and users may be under the impression that, perhaps,…
Google announced on September 5, 2014, that Chrome will sunset SHA-1 by providing security warnings through the…
We are now moving into the deployment of the Internet of Things (IoT). IoT is an…
Over the last few years, we’ve witnessed publicly trusted SSL certificates issued to domain names…
On July 2, Google became aware of fraudulent certificates that were incorrectly issued to Google-owned domain names….
This post was originally published by on the CA Security Council blog. With the announcement of…
In 2014, there will be a trend for website owners to implement TLS 1.2 on their servers….
A recent article by the Microsoft malware protection center, “Be a real security pro –…
This post was originally published by Bruce Morton & Erik Costlow on the CA Security Council blog….
This post was originally published on the CA Security Council blog. Internet Surveillance The big news…
This post was originally published on theCA Security Council blog. Code signing certificates from publicly…
Entrust completed an internal test recently and was surprised by a warning from Google Chrome…
We always discuss SSL deployment best practices. These are the actions the Web server administrator takes….
Are you an SSL certificate owner that has SSL certificates that protect non-registered domains? What…
The Internet Corporation for Assigned Names and Numbers (ICANN) is currently approving many generic top-level…
First, I would like to than Ivan Ristic for his development of the SSL/TLS deployment…
Watchers of the SSL industry follow SSL protocol attacks such as BEAST, CRIME, Lucky 13 and RC4 closely. They also track…
This post was originally published on the CA Security Council blog. The current browser-certification authority (CA)…
This certificate is sometimes called unified communications certificate (UCC), multi-domain certificate or multi-SAN certificate. In…
Certification authorities (CA) have always been compliance-minded and have historically imposed third-party audits upon themselves….
In the last few months, I have been reading blog posts (e.g., Google and Evernote) about certificate subscribers…
This post was originally published on the CA Security Council blog. There is an industry myth…
The PayPal information risk management team warns that the introduction of new generic top-level domains, or gTLDs,…
Congratulations, Mozilla, on your plan to release Firefox 23 that will block mixed content. Website owners…
Are your secure SSL communications being compromised by a man-in-the-middle (MITM) attack? This issue came…
We had the BEAST attack and it was said, “Prioritize RC4 cipher suite.” We had the Lucky Thirteen attack and…
At the IETF 86 meeting in Orlando last week, there was a working group meeting…
As part of its effort to promote SSL certificate best practices, the CA Security Council (CASC) has…
The CA/Browser Forum SSL Baseline Requirements have been endorsed by Mozilla and have been included…
We were monitoring the performance of our OCSP service over the weekend and found an…
What happens to signed code when the code signing certificate expires? In many cases, an…