Getting the Most Out of SSL Part 1: Choose the Right Certificate

Posted on May 24, 2013

SSL and HTTPS are two of the most common security technologies on the internet today, but at the same time their use can be complex and challenging to get right. Over the next few weeks, we’ll be publishing a series of articles aimed at identifying some of the decisions that need to be made when buying, installing, and using SSL certificates. In this first installment, I’ll discuss some of the issues to consider when buying and requesting a certificate. Our first recommendation is that you acquire an SSL certificate that is trusted by browsers rather than using a self-signed...


CAs Support Standards and Regulations

Posted on May 10, 2013

There is an industry myth that certification authorities (CAs) are not regulated. In fact, publicly trusted SSL CAs support the development of industry regulations and have been audited annually to ensure compliance with the many requirements. To provide some history, SSL CAs have always policed themselves by having external audits performed. In the ’90s, the CAs wrote certificate policies and certification practice statements requiring annual compliance audits. Since there were no CA audit criteria, the CAs contracted for SAS 70 audits. In 2000, the AICPA and CICA developed the...


An Introduction to OCSP Multi-Stapling

Posted on May 7, 2013

OCSP Stapling

OCSP is a protocol used to check the validity of certificates to make sure they have not been revoked. OCSP is an alternative to Certificate Revocation Lists (CRLs). Since OCSP responses can be as small as a few hundred bytes, OCSP is particularly useful when the issuing CA has relatively big CRLs, as well as when the client has limited memory and processing power. OCSP can also provide much more timely information than CRLs about the status of a certificate since the information is generally fetched more frequently. Additionally, OCSP can report if the CA actually issued a...
