Raising the Bar for Security and Trust on the Web
Symantec to Stop Issuing DV SSL/TLS Certificates to .PW Domains
Recently, Symantec updated its certificate issuance controls to pay special attention to domains flagged for excessive abuse, malwa…
Symantec to Stop Issuing DV SSL/TLS Certificates to .PW Domains
Recently, Symantec updated its certificate issuance controls to pay special attention to domains flagged for excessive abuse, malwa…
広く普及している SSL/TLS のオープンソース実装を、最新バージョンに更新する必要があります。
Read More
Users advised to update to latest version of popular open source implementation of SSL/TLS.Read More
Se recomienda a los usuarios hacer la actualización a la última versión de SSL / TLS
Read More
Internet users with basic security knowledge are aware that they should look for the padlock icon in the address bar or the HTTPS in a web address to indicate that a website is secure. We have gotten used to seeing it on bank sites or shopping carts where we input our credit card information. More […]
最近報告された FREAK 脆弱性を悪用すると、攻撃者は、セキュア接続に対して強度が弱く、簡単に復号可能な暗号方式を強制的に使用させることができます。
Read More
A recently reported flaw lets attackers force secure connections to use a weaker, breakable form of encryption.Read More
Uma falha divulgada recentemente permite que atacantes forcem conexões seguras a utilizar uma forma mais fraca de criptografia, que pode ser quebrada.
Read More
Una falla reportada recientemente permite a los atacantes forzar las conexiones seguras a usar un método de cifrado más débil y quebrantable.
Read More
summary
The past few years within the SSL certificate industry have been busy with changes. 1024-bit RSA certificates are long gone, using public SSL certificates on servers with internal domain names is starting to disappear, and the SHA-1 hash algorithm is starting to see its final days. So what is next?
Starting 1 April 2015, Certification Authorities (CAs) are not permitted to issue SSL certificates (issued from a public root) with a validity period greater than 39 months. SSL certificates have limited validity periods so that the certificate’s holder identity information is re-authenticated more frequently. Plus it’s a best practice to limit the amount of time that any key is used, to allow less time to attack it.
In line with the latest Certification Authority/Browser Forum Baseline Requirements, CAs will stop issuing 4 and 5-year SSL certificates in the near future. Symantec plans on eliminating these options in late February 2015 on all SSL management consoles. Extended Validation (EV) SSL certificates still have a max validity period of 27 months but Organizational Validated (OV) and Domain Validated (DV) certificates (DV not offered by Symantec) will have this new 39-month lifespan.
So how will this affect those who install SSL certificates? The average person installing certificates in a large enterprise will have to go through the enrollment process a little more often. If the organization on that level and scale finds this detracts from employee productivity they may want to look at leveraging Symantec Certificate Intelligence Center Automation. To someone in a small organization who only issues SSL certificates on a very infrequent basis, they may find themselves looking for SSL installation instructions a little more often. To help you, Symantec has always offered a wealth of information online via our Knowledge Base (the preceding site will be migrating to this location in the near future) and offers amazing support by phone.
Please let us know what you think below in the comment section.