Website Security Solutions | Latest Guides | Blog

SSL Certificates now limited to 1 Year terms

| #News

To improve web PKI and security, Certificate Authorities (CA) will no longer be issuing SSL/TLS certificates with validity periods longer than one-year starting September 1, 2020. Initiated by Apple Safari and joined by Google Chrome and Mozilla Firefox, the new max validity period will be 398 days which is one-year plus a 33-day renewal grace period. The shortening of certificate validity… [read more →]

Understanding Certificate Cross-Signing

| #Articles

Certificate Cross-Signing is a nuance of PKI which is often poorly understood. This topic is particularly salient as of late, as a long-lived root certificate managed by Sectigo (formerly Comodo) expired, causing many unexpected problems for many legacy systems worldwide. But how can certificate expiration lead to service downtime? Who is responsible for being aware that this can happen? How can… [read more →]

When to use a Wildcard SSL Certificate

| #Articles

SSL/TLS uses x509 certificates to secure digital communications. These certificates are bound to a particular DNS name, and signed by a Certificate Authority. Browsers attempt to validate the certificate by chaining back to a root certificate in its root certificate store. If a website does not have an SSL/TLS certificate installed that matches the DNS name by which it was accessed, it is an… [read more →]

Let’s Encrypt Revokes 3 Million Certificates

| #Articles

On Friday February 28th, Let’s Encrypt made the tough decision to revoke over 3 million certificates they had issued due to a bug in the software they use to validate CAA records. This gave companies relying on Let’s Encrypt under a week to replace these certificates on their endpoints. While this procedure did not necessarily require downtime (depending on the specific server configuration) it did… [read more →]

Zero-Day Vulnerabilities and its Impact on Business

| #Articles #Security

Computer System Vulnerabilities are a serious security issue that can find its way to our computers through harmless browsing activities. This can be as simple as visiting a website, clicking on a compromised message or downloading software with compromised security protocols. Exploited and infected malware exposes our systems, allowing unauthorized control to the hackers. The system becomes… [read more →]