CA|B Fourm Passes Ballot 218 – Removing validation methods 1 and 5

As of August 1, 2018, all Certification Authorities (CA) can no longer validate domains by matching WHOIS domain registrant search results with certificate requester. Purpose of Ballot: Section 3.2.2.4 says that it “defines the permitted processes and procedures for validating the Applicant’s ownership or control of the domain.”  Most of the validation methods actually do validate ownership and control, but two do not, and can be completed solely based on an applicant’s own assertions. Since these two validation methods do not meet the objectives of section 3.2.2.4, and are actively being used to avoid validating domain control or ownership, they should be removed, and the other methods that do validate domain control or ownership should be used. WHAT ARE THE ACCEPTED VERIFICATION […]

Read More

What is a Certificate Signing Request (CSR)?

A Certificate Signing Request or CSR is a specially formatted underdeveloped public key that is used for enrollment of an SSL Certificate. The information on this CSR is important for a Certificate Authority (CA). It is needed to validate the information required to issue a SSL Certificate. The public key (CSR) is freely given away by the server system or administrator so that the respective party can perform encryption. When it comes to enrolling for a SSL/TLS server certificate from a CA there comes  standards set by the CA|B Forum and Various RFC’s from the IETF (Internet Engineering Task Force). Some of these standards include… Not accepting or issuing certificate with anything less than 2048 bits, No SHA1/MD5 Algorithm Certificates issued from CA’s […]

Read More

What is the CA/Browser Forum?

The Certification Authority Browser Forum, also known as CA/Browser Forum, is a voluntary consortium of certification authorities, vendors of Internet browser software, operating systems, and other PKI (Encrypted) applications that make the industry guidelines. It governs the issuance and management of SSL and Code Signing  digital certificates that chain to a trust anchor root that is embedded in such applications. In cryptography, a certificate authority or certification authority (CA) is the notarizer that issues digital certificates. A digital certificate certifies the ownership of a public key that is passed to client by websites, server systems and other applications when performing encryption. If the security of the certificate is ever compromised the CA can revoke the certificate making browsers not trust the website or applications where […]

Read More

SSL Terminology (CA,SSL,Malware…)

SSL Terminology is important to understand the basics of SSL Indicators. Certificate Authority (CA): A third party entity that issues digital or SSL certificates. CA/Browser Forum: Governing entity responsible for establishing the standards of digital certificates purchased through CA’s Certificate Signing Request (CSR): A underdeveloped public key that is used to submit to a CA in order to get a SSL certificate. SSL Certificate/Public Key: Security protocol that allows a secure site to communicate privately with the Web browser. Works in conjunction with its unique Private Key. Private Key: A unique single most import part of key encryption. Rests on the server and works in conjunction with its public key to perform encryption. If damage, corrupted, or lost. It must be replaced with a […]

Read More

Maximum Validity of SSL Certificates Reduced to 3 Years

As of March 9th Symantec will only sell a maximum of 3-year OV (Organization Validated) and DV (Domain Validated) SSL Certificates. Maximum Validity of SSL Certificates Reduced to 3 Years. This restriction applies to new certificate issuance as well as renewals. Effective April 1, 2015, the CA/B Forum is reducing the maximum validity of OV and DV SSL certificates to 39 months in order to increase SSL/TLS security. Under these guidelines, no CA’s or their partners should offer greater than 3-year validity term OV/DV SSL certificates effective April 1, 2015. This restriction applies to new certificates and any re-issues. If you need to re-issue your SSL certificate after 1 April 2015 the re-issued certificate will have a maximum validity of […]

Read More