Liftoff on SSL/TLS 2-Year Certificates

TLS certificate validity will be limited to one year by Apple’s Safari browser from 1st September ’20. At the CA/Browser (CA/B) Forum in Bratislava, Slovakia, Apple announced that after September 1, 2020, any SSL/TLS certificate issued can be valid for no longer than 398 days. This follows a long history of the CA/B Forum community trying to reduce the lifetime of certificates and improve security while balancing the business requirements of transitioning to shorter-validity certificates. To secure your 2-year SSL/TLS certs and avoid the rush, we suggest ordering all your two-year certificates at least one month before the deadline, or as early as possible. Here is the list of the benefits available to customers who purchased new or […]


Why Can Only Certain Browsers Generate Automatic Keypairs?

In the world of PKI and SSL, some certificate authorities use browsers such as Internet Explorer or Firefox to automatically generate keypairs to be used with Email (S/MIME), Code Signing or Client Authentication Certificates. Not all browsers have the capability to generate these keypairs, due to licensing restrictions of the <keygen> and ActiveX controls that perform keypair creation, in conjunction with operating system restrictions. <keygen>: The HTML <keygen> is a licensed element used to facilitate generation of key material, and submission of the public key as part of an HTML form. This mechanism is designed for use with Web-based certificate management systems. Firefox is able to utilize the <keygen> and generate automatic keypairs because Firefox uses its own Keystores that do […]


Ask SSL Support Desk: I need a certificate that is FIPS 140-2 compliant. Are SSL Certificates FIPS 140-2 compliant?

What is Ask SSL Support Desk? It is a summary of random questions that have come to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library, which is designed to teach and educate the community. Question: Are SSL Certificates FIPS 140-2 compliant? Short Answer: Yes-ish. But FIPS pertains more to the actual physical protection of digital certificate cryptographic modules. If a certificate authority such as Entrust or Comodo did not follow the guidelines set by FIPS 140-2 compliance, then they would be out of business. If you got an EV Code Signing certificate, you will definitely get a FIPS 140-2 compliant certificate. This is because the actual certificate is installed on […]


Ask SSL Support Desk: Are SSL Certificates NIST compliant? NIST: National Institute of Standards and Technology

What is Ask SSL Support Desk? It is a summary of random questions that have come to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library, which is designed to teach and educate the community. Question: Are SSL Certificates NIST compliant? Short Answer: Yes. Actually, NIST was responsible for Certificate Authorities (CA) such as DigiCert, Entrust and Comodo starting to implement the 2048 key pair bit length standard with SSL/TLS Certificates. More Information: Within the realm of Website and Network Security there are many institutions that “Set the Standard” for the way people and organizations conduct their infrastructure. Without standards there would be no consistency among product developers, manufacturers, cyber security, […]


Web Browsers Now Marking HTTP sites “Not Secure”

Web browsers have now started marking HTTP sites as “Not Secure” with the release of Chrome 68+. For the past several years, Google has been strongly advising webmasters (sites) to adopt HTTPS encryption. Google said that within the last year, they helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Lately at SSL Support Desk – Acmetek we have been getting a lot of clients coming across a “Not secure” message on their website even after installing an SSL Certificate. Causes: Now that Chrome demands that everything be in HTTPS, admins must forward all traffic on websites to HTTPS. Sessions without HTTPS encryption will show the “Not Secure” message within a Chrome […]


How to Protect Your Websites – Featuring SiteLock

Website security in our modern times is of the utmost importance, and it cannot be an afterthought. What are you doing to protect your company? Do you have a team of IT security professionals making sure your websites and internal network systems are secure? The only true way of staying secure is to be up-to-date and ahead of the curve of industry trends. Hackers like to phish and scope out websites that have been negligent in their security. Negligence in website security eventually starts opening doors to hackers, allowing them to bust their way through and grab sensitive information. Join the SSL Support Desk to learn more about the many ways you can protect your websites. In this article, we’ll […]


ASK SSL Support Desk – How Many Wildcard SSL Certificates Do I Need If I Have Multiple IPs?

What is Ask SSL Support Desk? It is a summary of random questions that have come to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library, which is designed to teach and educate the community. Question: One of my customers is looking to get some Wildcard SSL Certificates. They have one main domain and 30 to 40 subdomains across 3 different Internet Service Providers, and all the domains are tagged with all the ISPs for redundancy. They have Internet service provision from BSNL, TATA and National Knowledge Network, with respective individual IP addresses. Please help me with what they should get. Can my customer buy one single Wildcard […]


ASK SSL Support Desk – Where can I get a Base64 encoded .cer format certificate?

What is Ask SSL Support Desk? It is a summary of random questions that have come to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library, which is designed to teach and educate the community. Question: I need a Base64 encoded .cer format certificate to import into my Websense proxy server. Where can I get that? Short Answer: That is just a regular x509 certificate with a .cer extension. In the world of Public Key Infrastructure (PKI) there are many different file formats. The following are the major ones: pkcs#7/P7B, x509/PEM, pkcs#12/PFX/P12. x509/PEM Format: The PEM format is the most common format that Certificate Authorities (CA) issue certificates in. PEM […]


ASK SSL Support Desk – Why Can I not Create a PFX From a Citrix Netscaler?

What is Ask SSL Support Desk? It is a summary of random questions that have come to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library, which is designed to teach and educate the community. Question: I’m trying to create a pfx file for wildcard cert *.example.com in Citrix Netscaler but I am failing to do so. I’ve cross-checked with the following directions. What am I doing wrong? https://www.digicert.com/csr-creation-ssl-installation-citrix-netscaler.htm#netscaler_vpx_create_csr Short Answer: That is because Citrix Netscaler cannot create pfx files. Netscaler cannot create pfx format files. It creates PEM (Apache) format. Netscaler systems do, on the other hand, have the ability to import a pfx file, but that pfx […]


CA/B Forum Passes Ballot 218 – Removing validation methods 1 and 5

As of August 1, 2018, all Certification Authorities (CA) can no longer validate domains by matching WHOIS domain registrant search results with the certificate requester. Purpose of Ballot: Section 3.2.2.4 says that it “defines the permitted processes and procedures for validating the Applicant’s ownership or control of the domain.” Most of the validation methods actually do validate ownership and control, but two do not, and can be completed solely based on an applicant’s own assertions. Since these two validation methods do not meet the objectives of section 3.2.2.4, and are actively being used to avoid validating domain control or ownership, they should be removed, and the other methods that do validate domain control or ownership should be used. WHAT ARE THE ACCEPTED VERIFICATION […]
