We have just updated our AlwaysOnSSL API. The API now supports the synchronous ordering of TLS certificates with 2048-bit RSA, 4096-bit RSA and ECC keys (previously only 2048-bit RSA).
Despite numerous changes on the part of the Certification Authority, as a customer of CertCenter AG you do not have to make any adjustments to your existing connection to the CertCenter API. Your existing mod_fauth integration will also remain compatible.
To generate certificates with larger RSA keys or ECC, all that is needed is a CSR generated accordingly (with a 4096-bit RSA or ECC key). The CertCenter API then intelligently interprets the rest and does the work for you in the background.
From July 24, Google Chrome will mark every website without a valid SSL certificate as unsafe, directly and immediately visible to every user. Google thereby warns very clearly and consistently against the danger and the resulting risks of an unencrypted connection.
With the release of Chrome version 68 on July 24 of this year, a “Not-Secure” warning is displayed in the Chrome browser bar for each web page that does not use a valid SSL certificate.
It has been almost a year since Symantec’s hitherto unscathed reputation in the certificate business was shaken because of inconsistencies in the vetting process of some Symantec RAs and the subsequent gloomy forecast by Google’s Chromium team. Every day, you may find articles in the international press that contain sentences such as, “Google plans to stop trusting current Symantec certificates.” However, such headlines seem to come out of thin air, as they are all about certificates issued before June 1, 2016. These also retain the usual compatibility after a free certificate replacement (re-issue), even after April 2018.
Effective April 1st, 2015, the CA/B Forum is reducing the maximum validity of OV (Organization-Validated) and DV (Domain-Validated) SSL Certificates to 36 months in order to increase SSL/TLS security. Under these guidelines, no CA or their partners should offer OV/DV SSL Certificates with a term of validity greater than 3 years. As of March 9th, 2015, Symantec will only sell OV and DV SSL Certificates with a maximum validity of 3 years. This restriction applies to new certificate issuance as well as renewals. Beginning April 1st, 2015, if you need to reissue your SSL Certificate, the maximum validity allowed will be 36 months.
The next change for SSL Certificates
Certificate Transparency (CT) is a Google initiative to log, audit, and monitor certificates that Certificate Authorities (CAs) have issued. CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge.
Google recently announced that certain SSL Certificates with a lifecycle beyond the 1st of January 2016 are going to be treated as progressively less trustworthy by future versions of Chrome. The SSL Certificates in question are those signed using the slightly dated SHA-1 hashing algorithm. The same is going to apply to SSL Certificates which have been signed using SHA-256, but contain SHA-1 Intermediates within their chain of certificates (Chromium Blog Post, 5th of September 2014).
Many businesses rely on the Microsoft Exchange Server for their internal and external messaging. The Exchange Server is usually designated as “server” or “server.local” within the internal network.
By now you may already know about the Turkish Certification Authority TÜRKTRUST, which has mistakenly issued two Intermediate Certificates for two companies in Turkey.
According to the findings of an academic research group, the encryption and SSL protection of 41 Android applications are deficient or inadequate. The communication between the device and the web server of these apps, which have been downloaded up to 185 million times, can be intercepted.