Tag Archives: SSL

Raising the Bar for Security and Trust on the Web

      No Comments on Raising the Bar for Security and Trust on the Web

Symantec to Stop Issuing DV SSL/TLS Certificates to .PW Domains

Recently, Symantec updated its certificate issuance controls to pay special attention to domains flagged for excessive abuse, malwa…

Critical OpenSSL vulnerability could allow attackers to intercept secure communications

Users advised to update to latest version of popular open source implementation of SSL/TLS.Read More

Una vulnerabilidad crítica de OpenSSL podría permitir a hackers interceptar comunicaciones seguras

Se recomienda a los usuarios hacer la actualización a la última versión de SSL / TLS

Read More

Explaining Avast’s HTTPS scanning feature

Internet users with basic security knowledge are aware that they should look for the padlock icon in the address bar or the HTTPS in a web address to indicate that a website is secure. We have gotten used to seeing it on bank sites or shopping carts where we input our credit card information. More […]

FREAK ????????????????????

      No Comments on FREAK ????????????????????

最近報告された FREAK 脆弱性を悪用すると、攻撃者は、セキュア接続に対して強度が弱く、簡単に復号可能な暗号方式を強制的に使用させることができます。

Read More

FREAK vulnerability can leave encrypted communications open to attack

A recently reported flaw lets attackers force secure connections to use a weaker, breakable form of encryption.Read More

Vulnerabilidade FREAK pode deixar comunicações criptografadas abertas a ataques

Uma falha divulgada recentemente permite que atacantes forcem conexões seguras a utilizar uma forma mais fraca de criptografia, que pode ser quebrada.

Read More

Vulnerabilidad FREAK puede dejar las comunicaciones cifradas expuestas a ataques

Una falla reportada recientemente permite a los atacantes forzar las conexiones seguras a usar un método de cifrado más débil y quebrantable.

Read More

The New 39-Month SSL Certificate Maximum Validity

Changes in CA/B Forum Baseline Requirements

Twitter Card Style: 

summary

The past few years within the SSL certificate industry have been busy with changes.  1024-bit RSA certificates are long gone, using public SSL certificates on servers with internal domain names is starting to disappear, and the SHA-1 hash algorithm is starting to see its final days.  So what is next?

Starting 1 April 2015, Certification Authorities (CAs) are not permitted to issue SSL certificates (issued from a public root) with a validity period greater than 39 months.  SSL certificates have limited validity periods so that the certificate’s holder identity information is re-authenticated more frequently. Plus it’s a best practice to limit the amount of time that any key is used, to allow less time to attack it.

In line with the latest Certification Authority/Browser Forum Baseline Requirements, CAs will stop issuing 4 and 5-year SSL certificates in the near future.  Symantec plans on eliminating these options in late February 2015 on all SSL management consoles.  Extended Validation (EV) SSL certificates still have a max validity period of 27 months but Organizational Validated (OV) and Domain Validated (DV) certificates (DV not offered by Symantec) will have this new 39-month lifespan.

So how will this affect those who install SSL certificates?  The average person installing certificates in a large enterprise will have to go through the enrollment process a little more often.  If the organization on that level and scale finds this detracts from employee productivity they may want to look at leveraging Symantec Certificate Intelligence Center Automation.  To someone in a small organization who only issues SSL certificates on a very infrequent basis, they may find themselves looking for SSL installation instructions a little more often.  To help you, Symantec has always offered a wealth of information online via our Knowledge Base (the preceding site will be migrating to this location in the near future) and offers amazing support by phone.

Hourglass 350x350.jpg

Please let us know what you think below in the comment section.