Ask SSL Support Desk: Are SSL Certificate NIST compliant? NIST: National Institute of Standards and Technology

What is Ask SSL Support Desk? It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community. Question: Are SSL Certificates NIST compliant?  Short Answer: Yes. Actually, NIST was responsible for Certificate Authorities (CA) such as Digicert, Entrust, Comodo to start implementing the 2048 key pair bit length standard with SSL/TLS Certificates. More Information: Within the realm of Website and Network Security there are many institutions that “Set the Standard” to the way people and organizations conduct their infrastructure. Without standards there would be no consistency among product developers, manufactures, cyber security, […]

Read More

Cerberus FTP – SSL Installation

Cerberus FTP  is a unique server system that uses pem files similar to Apache. As far as Apache “Type” systems go, this one is impressively easy to work with. To install your SSL Certificate on a Cerberus FTP system perform the following. Step 1: Downloading your SSL Certificate & its Intermediate CA certificate: If you had the option of server type during enrollment or a lot of times selected something Other than Microsoft you will receive a x509/.cer/.crt/.pem version of your certificate within the email. Alternately you can access your Certificate User Portal by the supplied link in the email to pick up the x509 version of your certificate. Copy the SSL certificate and make sure to copy the —–BEGIN CERTIFICATE—– […]

Read More

Encryption Protocol TLS 1.3 Released.

The Internet Engineering Task Force (IETF) —the organization that approves proposed Internet standards and protocols has approved TLS 1.3 as the next version of the Transport Layer Security (TLS) protocol.  TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. How Does This Pertain to SSL Certificates? In short, Technically Nothing. The term SSL certificate has been used for the purposes of marketing since the creation of the digital certificates.  SSL just like TLS are actually protocols that utilize a digital certificates public & private keypair . A digital certificate keypair by itself  is  nothing more than a place holder of 2048 bits or greater and is needed in […]

Read More

Pulse Secure – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. Your private key will always be left on the server system where the CSR was originally created. Your SSL certificate will not work without this private key file. We will assume that this is the original system. With Pulse Secure you will need to complete the pending request that was left on the system from when you created your CSR. Your certificate authority should have given you an Apache format or Other x509 type of SSL Certificate and Intermediate CA. To install your SSL Certificate into Pulse Secure perform the following. Step 1: Downloading your SSL […]

Read More

Microsoft Azure – CSR Generation & SSL Installation Guide Using The Digicert Certificate Utility

Azure requires a pfx/p12 for its SSL Certificate installation. This file can only be generated from a Windows system or an application. You will never attain such a file from a Certificate Authority. Typically in order to get an SSL Certificate for your Azure cloud services Admins will use Windows Server IIS (Internet Information Services) to generate the pfx/p12 keypair used to import into Azure, but not everyone has IIS. The Digicert Certificate Utility for Windows allows for the ability for admins to create the .pfx file needed for Azure systems without the need for a Windows Server. This guide will carry you through the following: CSR generation SSL installation Export of installed certificate as a pfx Import pfx into […]

Read More

Troubleshooting: Unsupported Protocol – ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Not all browser related errors are associated with SSL Certificates. Many are due to server configurations that set up communication between the website/server to the clients browser. Different browsers will showcase errors differently. But ultimately the troubleshooting process regarding these errors are the same. What is a Protocol or a Cipher? Protocols and Cipher Suites are the actual communication language that performs encryption. When the browser and the server/website communicate they are require to speak the same language. If a server is not configured to use the languages that the browser wants to use then both the browser and the server will not be able to communicate. This results in a communication failure. Errors typically seen pertaining to protocols & […]

Read More

Microsoft Server 2016 – IIS 10 & 10.5 – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. This is because your private key will always be left on the server system where the CSR was originally created. With Microsoft like Microsoft Server 2016 – IIS 10 & 10.5 the private key is hidden away and will only appear once the CSR request has been completed. Your SSL certificate will not work without this private key file. We will assume that this is the original system. To Install your SSL certificate on Windows Server 2012 – IIS 8 & 8.5 perform the following. Step 1: Picking up your SSL Certificate: If you had the option […]

Read More

Google Makes Certificate Transparency Mandatory On Chrome.

Last year Google once again flexed its muscles by announcing the requirement for Certificate Transparency for all new SSL/TLS certificates in October 2017. This has since been pushed back until April 2018. This requirement means that Chrome will no longer trust new SSL/TLS certificates that are not qualified for Certificate Transparency (CT). CT is a method to publish all certificates in one or more publicly available CT logs, which meet the qualification requirements established by Google. CT logs can be audited to ensure they are honest. Domain owners and people all over the world can use the CT logs to monitor their domains and discover SSL/TLS certificates for more detailed information on CT visit our article What is CT? Certificate Transparency Benefits? […]

Read More

Symantec/Digicert- Google Reissue You May Have to Reissue Your SSL Certificate.

You May Have to Reissue Your Certificate!! Since announcing the acquisition, DigiCert has actively engaged with the security community to explore paths that address browser concerns about Symantec/Geotrust/Thawte/Rapidssl-issued certificates while balancing the SSL/TLS implementations currently deployed.  Symantec-issued certificates impacted by browser timelines will need to be replaced to bring them under the new Digicert platform. These will be replaced at no cost to all certificates issued prior to December 1st 2017, and Digicert will work to ensure a smooth process. Many customers have already received information on certificate replacement, and more information will be forthcoming for affected parties. Acmetek requests that all clients/users of the SSL Partner Center to perform these reissues as soon as possible to avoid warning messages […]

Read More

WAMP Server (Wampserver) – SSL Installation

WAMP Server (Wampserver) is built off apache, a very custom environment and your system may differ. Below are generalized instructions. If you have a custom installation, you will need to adjust these instructions appropriately. Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. Your private key will always be left on the server system where the CSR was originally created. Your SSL certificate will not work without this private key file. We will assume that this is the original system. Note: Locations may vary in different installations of Wampserver. Since Wampserver is built off Apache the instructions below are generalized. Apache is a very customizable […]

Read More