Posts by jrowley

The Latest on Certification Authority Authorization

Posted on March 21, 2017 in Blog

Things are certainly heating up at the CA/Browser Forum with exciting proposals surrounding inclusion of the Wi-Fi Alliance (WFA) as a subjectAltName otherName, new validation methods, and debates over how the CAB Forum will continue operating. One of these newly passed ballots requires all CAs to check and process a domain name’s DNS Certification Authority Authorization (CAA) resource record prior to issuing a digital certificate.

Background

RFC 6844 created CAA records as a method for domain owners to specify a policy on which certificate authorities are authorized to issue certificates for the...


Google Certificate Transparency (CT) to Expand to All Certificates Types

Posted on November 8, 2016 in Blog

The policy change goes into effect October 2017

A recent Google announcement stated that all publicly trusted SSL/TLS certificates issued in October 2017 or later will be expected to comply with Chrome’s Certificate Transparency (CT) policy or be untrusted by the browser. Since January 2015, Chrome has required Extended Validation (EV) certificates to comply with CT. With this policy change, the Chrome CT policy will also apply to Domain Validated (DV) and Organization Validated (OV) certificates. For more than two years, CAs have supported CT for EV certificates while preparing for when CT...


SSL Certificate Validity Periods Limited to 39 Months Starting in April

Posted on February 19, 2015 in Blog

Shorter validity enhances online security without overburdening administrators

In accordance with the CA/Browser Forum Baseline Requirements, effective April 1, 2015, Certificate Authorities (CAs) will no longer be able to issue SSL Certificates with a validity period longer than 39 months. Shortening the validity period to 39 months is the result of much consideration within the CA/Browser Forum to arrive at a duration that allows optimal usability while maintaining the tightest network security. A shortened validity period will significantly improve Internet security by requiring...


Code Signing Baseline Requirements

Posted on October 20, 2014 in Blog

Code signing certificates are used to sign software objects to authenticate that they originated from a verified source, allowing developers to avoid warnings commonly displayed by application software vendors such as Microsoft operating systems and Java. A fraudulent code signing certificate can wreak havoc on networks, spreading malware and adware without restraint. Certificate Authorities are tasked with ensuring that code signing applicants are legitimate entities and provide accountability for use of the certificate. Over the past few months, the CA/Browser Forum’s code signing working...


Revocation – A Cure For the Common Heartbleed

Posted on April 28, 2014 in Blog

The Heartbleed bug spurred server administrators worldwide to work closely with Certification Authorities (CAs) in rekeying and reissuing potentially vulnerable SSL certificates. Part of this effort included revoking existing certificates used on vulnerable servers to ensure obtained private keys are not later used in a man-in-the-middle attack against the website. Unfortunately, in recent days, certain news reports and blogs addressing certificate revocation and checking for revoked certificates online have failed to discuss the benefits of revocation, instead focusing on the minority of...
