Web Browsers Now Marking HTTP sites “Not Secure”

Web Browsers have now started marking HTTP sites as  ‘Not Secure’ with release of Chrome 68+. For the past several years, Google strongly advising webmasters (sites) to adopting HTTPS encryption. Google said that within the last year, they helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Lately at SSL Support Desk – Acmetek we have been getting a lot of clients coming across a “Not secure” message on their website even after installing an SSL Certificate.  Causes: Now with Chrome demanding that everything be in https admins must forward all traffic on websites to https. Non https encryption sessions will show the “Not Secure” message within a Chrome […]

Read More

How to Protect Your Websites – Featuring SiteLock

Website security in our modern times is of the utmost importance, and it cannot be an afterthought. What are you doing to protect your company? Do you have a team of IT security professionals making sure your websites and internal network systems are secure? The only true way of staying secure is to be up-to-date and ahead of the curve of industry trends. Hackers like to phish and scope out websites that have been negligent in their security. Negligence in website security eventually starts opening doors to hackers, allowing them to bust their way through and grab sensitive information. Join the SSL Support Desk to learn more about the many ways you can protect your websites. In this article, we’ll […]

Read More

CA|B Fourm Passes Ballot 218 – Removing validation methods 1 and 5

As of August 1, 2018, all Certification Authorities (CA) can no longer validate domains by matching WHOIS domain registrant search results with certificate requester. Purpose of Ballot: Section 3.2.2.4 says that it “defines the permitted processes and procedures for validating the Applicant’s ownership or control of the domain.”  Most of the validation methods actually do validate ownership and control, but two do not, and can be completed solely based on an applicant’s own assertions. Since these two validation methods do not meet the objectives of section 3.2.2.4, and are actively being used to avoid validating domain control or ownership, they should be removed, and the other methods that do validate domain control or ownership should be used. WHAT ARE THE ACCEPTED VERIFICATION […]

Read More

GDPR Is Here! Are You Ready?

What is GDPR? At its core, the General Data Protection Regulation (GDPR) is a new set of rules designed to give EU citizens more control over their personal data. The reforms are designed to reflect the world we’re living in now, and brings laws and obligations – including those around personal data, privacy and consent – across Europe up to speed for the internet-connected age. These regulation aims  to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. Fundamentally, almost every aspect of our lives revolves around data. From social media companies, to banks, retailers, and governments — almost every service we use involves the collection and analysis of our […]

Read More

Encryption Protocol TLS 1.3 Released.

The Internet Engineering Task Force (IETF) —the organization that approves proposed Internet standards and protocols has approved TLS 1.3 as the next version of the Transport Layer Security (TLS) protocol.  TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. How Does This Pertain to SSL Certificates? In short, Technically Nothing. The term SSL certificate has been used for the purposes of marketing since the creation of the digital certificates.  SSL just like TLS are actually protocols that utilize a digital certificates public & private keypair . A digital certificate keypair by itself  is  nothing more than a place holder of 2048 bits or greater and is needed in […]

Read More

Google Makes Certificate Transparency Mandatory On Chrome.

Last year Google once again flexed its muscles by announcing the requirement for Certificate Transparency for all new SSL/TLS certificates in October 2017. This has since been pushed back until April 2018. This requirement means that Chrome will no longer trust new SSL/TLS certificates that are not qualified for Certificate Transparency (CT). CT is a method to publish all certificates in one or more publicly available CT logs, which meet the qualification requirements established by Google. CT logs can be audited to ensure they are honest. Domain owners and people all over the world can use the CT logs to monitor their domains and discover SSL/TLS certificates for more detailed information on CT visit our article What is CT? Certificate Transparency Benefits? […]

Read More

Symantec/Digicert- Google Reissue You May Have to Reissue Your SSL Certificate.

You May Have to Reissue Your Certificate!! Since announcing the acquisition, DigiCert has actively engaged with the security community to explore paths that address browser concerns about Symantec/Geotrust/Thawte/Rapidssl-issued certificates while balancing the SSL/TLS implementations currently deployed.  Symantec-issued certificates impacted by browser timelines will need to be replaced to bring them under the new Digicert platform. These will be replaced at no cost to all certificates issued prior to December 1st 2017, and Digicert will work to ensure a smooth process. Many customers have already received information on certificate replacement, and more information will be forthcoming for affected parties. Acmetek requests that all clients/users of the SSL Partner Center to perform these reissues as soon as possible to avoid warning messages […]

Read More

DigiCert Closes Acquisition of Symantec’s Website Security Division.

DigiCert announced on Oct. 31 that is has completed the $950 million acquisition of Symantec’s Website Security and PKI (Public Key Infrastructure) business assets related to SSL/TLS certificates. It is now official. DigiCert is now in ownership of Symantec’s Website Security division. The deal was first announced on Aug. 3, with the goal to help improve the PKI infrastructure for Symantec’s certificates, which had been under fire by Google and other web browser vendors. “Today starts an exciting era for the current customers and partners of both Symantec and DigiCert,” said DigiCert CEO John Merrill. “For Symantec customers, they can feel assured that they will have continuity in their website security, and that we will provide a smooth transition. Our […]

Read More

“WannaCry” Blocked by Symantec – Best Practices Against Ransomware.

A world wide cyberattack that caused chaos On May 12, 2017  is still ongoing involving a ransomware named WannaCry (aka WCry). These attacks are targeting and have affected users from various countries across the globe. The WannaCry threat will encrypt data files on infected computers and ask users to pay a $300 US ransom in bitcoin to decrypt their files. A specific exploit against this vulnerability, code-named “Eternal Blue”, and was made available through a dump of various attack tools by the group Shadow Brokers, on April 14, 2017. Analysis indicates the attack spreads through an SMB remote code execution in Microsoft Windows. This was announced and patched by Microsoft on March 14, 2017. That is two whole months where if a patch […]

Read More

CA|B Forum Passes Ballot 193 – Deprecation of 3 Year SSL Certificates

The CAB Forum (CA Forum) is the governing body that moves the security of the internet with SSL Certificates. The CA/Browser Forum began in 2005 as part of an effort among certification authorities and browser software vendors to provide greater assurance to Internet users about the web sites they visit by leveraging the capabilities of SSL/TLS certificates. The Ballots they pass together are geared to propelling the internet into a more safer environment. What was passed in Ballot 193? Maximum SSL validity period will be restricted to 2 year (825 days / 27 months) effective March 1, 2018. Authentication domain and organization vetting will only be valid for 27 months effective April 22, 2017 What does this mean? Eventually there […]

Read More