After the expansion of our IT infrastructure and the recent layout enhancements of the CertCenter Certificate Manager in Q2+Q3, we plan to integrate new cutting edge features into our system. These new features will improve both your recurring administrative tasks as well as your infrastructure security.
Qualys SSL Labs Integration
As announced on Twitter a few days ago, we’ve integrated the popular Qualys SSL Labs Ranking into CertCenter. With just a few clicks you can display the corresponding servers most recent ranking in the list of your SSL/TLS Certificates. This way you can see if any action is required.
Manual (re-)checking of all of your servers on ssllabs.com is now obsolete. Administrators can save time and increase the security of their IT infrastructure with a simple glance at the CertCenter Dashboard.
CertCenter customer and partners can obtain the ssllabs related reports either through the web-based CertCenter Manager, through the CertCenter XML/SOAP API, or CertCenter RESTful API.
The Ranking can be displayed by clicking the symbol in the overview of your certificates.
OCSP (Online Certificate Status Protocol) is a new way to validate the revocation status of X.509 digital certificates. OCSP has superseded the previous protocol CRL (Certificate Revocation List) and improves upon some of its shortcomings.
A major limitation of CRL checking is that updates must be frequently downloaded in order to maintain a current list of valid X.509 certificates from the client. This in turn can put a burden on the client’s network and calling resources. OCSP responses contain less information than CRL checking, which in turn decreases the burden on the client network.
Symantec further improved OCSP performance by building a highly efficient and responsive OCSP infrastructure to ensure X.509 validity can be checked quickly and with minimal effort from the client. The result is that Symantec is the fastest in the industry in determining X.509 digital certificate status.
This is another example where Symantec is consistently working to improve the user experience while managing X.509 certificates within the demands of the modern Internet.
Download Case Study
For a website, trust means business. Symantec SSL Certificates and the Norton Secured Seal displayed with them form the most trusted mark on the Internet. One reason this is true is that to use these assets, an organization must have its identity carefully validated. Now, customers can take advantage of a new feature called Symantec Ready Issuance and get new or renewed Symantec SSL Certificates as much as 288 times faster. CertCenter, a Symantec Website Security Partner, shows how the new feature works.
Getting Symantec SSL certificates is now faster and easier.
“Customers who ordered or renewed an Organization-Validated SSL certificate used to have to wait at least a day to get it”, says Carsten Müller, CEO at CertCenter, a leading Symantec Website Security Partner. “Now, using Symantec Ready Issuance, customers can get their certificate in 10 minutes – about 288 times faster than before”.
Read the full story (PDF) ..
(German version available ..)
Effective April 1st, 2015, the CA/B Forum is reducing the maximum validity of OV (Organization-Validated) and DV (Domain-Validated) SSL Certificates to 36 months in order to increase SSL/TLS security. Under these guidelines, no CA or their partners should offer OV/DV SSL Certificates with a term of validity greater than 3 years. As of March 9th, 2015, Symantec will only sell OV and DV SSL Certificates with a maximum validity of 3 years. This restriction applies to new certificate issuance as well as renewals. Beginning April 1st, 2015, if you need to reissue your SSL Certificate, the maximum validity allowed will be 36 months.
CertCenter has officially launched its Ready Issuance for Symantec SSL Certificates within the management portal “CertCenter Extranet”.
After transmission of an order for an SSL certificate with Organization Validation (OV), an extensive vetting of the applying organization, the relevant contact, and the domain name, are the main responsibilities of the Certification Authorities (CAs).
It has taken our HR department a couple of months to find the right person for this job opening. We needed someone with the necessary experience and industry know-how to prevent delaying or clogging up the flow of daily processes and tasks. We are happy to announce that we have found our colleague, Mr. Hotze, to be ideally suited for this position. Before he joined us at CertCenter (on March 1st, 2015), Mr. Hotze had worked many years as part of the Symantec Authentication Services Team in Dublin, Ireland.
The IT industry is a fast moving sector with new innovations being developed on a regular basis.
This is why more than 6000 visitors and more than 160 international exhibitors will come together at the WorldHostingDays 2015, from March 24th to March 26th, at the Europa-Park in Rust, Germany.
It is not only organizations with multiple departments and IT specialists that desire flexibility in regards to the entitlements of their users and the availability of extensive auditing – these are almost always required by the compliance-process.
The next change for SSL Certificates
Certificate Transparency (CT) is a Google initiative to log, audit, and monitor certificates that Certificate Authorities (CAs) have issued. A CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge.
Google recently announced that certain SSL Certificates with a lifecycle beyond the 1st of January 2016 are going to be treated as progressively less trustworthy by future versions of Chrome. The SSL Certificates in question are those signed using the slightly dated SHA-1 hashing algorithm. The same is going to apply to SSL Certificates which have been signed using SHA-256, but contain SHA-1 Intermediates within their chain of certificates (Chromium Blog Post, 5th of September 2014).