Why Can Only Certain Browsers Generate Automatic Keypairs?

In the world of PKI and SSL some certificate authorities use browsers such as Internet Explorer or Firefox to automatically generate keypairs to be used with Email-S/MIME Code Signing or Client Authentication Certificates. Not all Browsers have the capability to generate these keypairs due to licensing restrictions of the <keygen> and ActiveX controls that perform keypair creation in conjunction with operating systems restrictions.  <keygen> The HTML <keygen> is a licensed element used to facilitate generation of key material, and submission of the public key as part of an HTML form. This mechanism is designed for use with Web-based certificate management systems. Firefox is able to utilize the <keygen> and generate automatic keypairs because Firefox uses its own Keystores that do […]

Read More

Troubleshooting: SSL Certificate Browser Errors

Troubleshooting SSL Certificate Web Browser Errors can vary depending on its cause. The following warnings are presented by web browsers when you access a site that has a security certificate installed (for SSL/TLS data encryption) that cannot be verified by the browser. Typically this is from a self signed certificate created by a server system for default encryption. Examples Microsoft Edge: “This site is not secure. This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.”   Internet Explorer: “The security certificate presented by this website was not issued by a trusted certificate authority.” Firefox: “The owner of selfsigned.websecurity.symantec.com has configured their website improperly. To protect […]

Read More

What Certificate Authorities Do & How Their SSL Certificate Security is Enforced.

  There has been a lot of misleading information flying around within the security industry and various tech blogs regarding Certificate Authorities (CA), Security, and the function of SSL Certificates. Lots of finger pointing with no foundation of knowledge on who does what. The confusion is how encryption keypairs work, controlled, and managed, vs what Certificate Authorities (CA) actually do when they issue their different certificate products, and how browsers enforce the security behind SSL Certificates. Security is not all in the hands of the Certificate Authorities (CA). It all started with a CA named VeriSign. What/Who Are The Certificate Authorities? VeriSign headquartered in Virginia became one of the world’s first and biggest CA, providing third party authentication of public […]

Read More

Troubleshooting: Checking SSL installation with a browser

After you have installed your SSL certificate you may want to check installation. There ware two ways to go about checking its installation. By using a browser. This article will show case Google Chrome. By SSL Checker. See our article Troubleshooting: SSL with Qualys SSL Labs – SSL Checker to learn more. Lets get started.. Using Chrome: type in https://yourdomain.com (use the actual domain you want to check) you should see a pad lock to the left of the “Https.” Note: If you do not see a padlock or see a yellow exclamation point where the padlock would be, this may be due to Mixed or Insecure content. To troubleshoot this review troubleshooting article Troubleshooting: Unsecured or Mixed Content. If you do see […]

Read More