Is logging into your smartphone, websites, or apps with a fingerprint secure?
Just because logging in with you finger is convenient doesn’t mean it’s the best method to use. Some days ago we told you about increasing your security on sites and in services by using two-factor authentication. More and more services are using this two-factor log in method. They require that you use “something you know” […]
Equation: Grupo avançado de ciberespionagem conhece todos os truques, e mais
cibercriminosos Sofisticados do Equation levam Malware para outro patamar.Read More
Equation: Advanced cyberespionage group has all the tricks in the book, and more
Sophisticated Equation attackers take malware to a new level.Read More
Angry Android hacker hides Xbot malware in popular application icons
Avast makes malware authors really mad because we detect and block their money-making apps. In the past few weeks, the Avast Mobile Security analysts have been focusing on Android malware which targets users in Russia and Eastern Europe. One of the families that caught our interest was the Xbot malware. The name Xbot comes from […]
The New 39-Month SSL Certificate Maximum Validity
Changes in CA/B Forum Baseline Requirements
Twitter Card Style:
summary
The past few years within the SSL certificate industry have been busy with changes. 1024-bit RSA certificates are long gone, using public SSL certificates on servers with internal domain names is starting to disappear, and the SHA-1 hash algorithm is starting to see its final days. So what is next?
Starting 1 April 2015, Certification Authorities (CAs) are not permitted to issue SSL certificates (issued from a public root) with a validity period greater than 39 months. SSL certificates have limited validity periods so that the certificate’s holder identity information is re-authenticated more frequently. Plus it’s a best practice to limit the amount of time that any key is used, to allow less time to attack it.
In line with the latest Certification Authority/Browser Forum Baseline Requirements, CAs will stop issuing 4 and 5-year SSL certificates in the near future. Symantec plans on eliminating these options in late February 2015 on all SSL management consoles. Extended Validation (EV) SSL certificates still have a max validity period of 27 months but Organizational Validated (OV) and Domain Validated (DV) certificates (DV not offered by Symantec) will have this new 39-month lifespan.
So how will this affect those who install SSL certificates? The average person installing certificates in a large enterprise will have to go through the enrollment process a little more often. If the organization on that level and scale finds this detracts from employee productivity they may want to look at leveraging Symantec Certificate Intelligence Center Automation. To someone in a small organization who only issues SSL certificates on a very infrequent basis, they may find themselves looking for SSL installation instructions a little more often. To help you, Symantec has always offered a wealth of information online via our Knowledge Base (the preceding site will be migrating to this location in the near future) and offers amazing support by phone.
Please let us know what you think below in the comment section.
The New 39-Month SSL Certificate Maximum Validity
Changes in CA/B Forum Baseline Requirements
Twitter Card Style:
summary
The past few years within the SSL certificate industry have been busy with changes. 1024-bit RSA certificates are long gone, using public SSL certificates on servers with internal domain names is starting to disappear, and the SHA-1 hash algorithm is starting to see its final days. So what is next?
Starting 1 April 2015, Certification Authorities (CAs) are not permitted to issue SSL certificates (issued from a public root) with a validity period greater than 39 months. SSL certificates have limited validity periods so that the certificate’s holder identity information is re-authenticated more frequently. Plus it’s a best practice to limit the amount of time that any key is used, to allow less time to attack it.
In line with the latest Certification Authority/Browser Forum Baseline Requirements, CAs will stop issuing 4 and 5-year SSL certificates in the near future. Symantec plans on eliminating these options in late February 2015 on all SSL management consoles. Extended Validation (EV) SSL certificates still have a max validity period of 27 months but Organizational Validated (OV) and Domain Validated (DV) certificates (DV not offered by Symantec) will have this new 39-month lifespan.
So how will this affect those who install SSL certificates? The average person installing certificates in a large enterprise will have to go through the enrollment process a little more often. If the organization on that level and scale finds this detracts from employee productivity they may want to look at leveraging Symantec Certificate Intelligence Center Automation. To someone in a small organization who only issues SSL certificates on a very infrequent basis, they may find themselves looking for SSL installation instructions a little more often. To help you, Symantec has always offered a wealth of information online via our Knowledge Base (the preceding site will be migrating to this location in the near future) and offers amazing support by phone.
Please let us know what you think below in the comment section.
Trend Micro Awarded ‘Best Protection’ by AV-TEST
Carbanak: ??????????????????????????
シマンテックは、金融機関を標的とする犯罪グループの活動を長期にわたって追跡してきました。
Read More
Carbanak: Gangue multimilionária cibercriminosa foca em bancos, ao invés de seus clientes
As atividades do grupo de crimes financeiros são rastreadas pela Symantec há algum tempo.
Read More