PKI Blog

Broken Trust: Symantec's Untrusted Verisign Root CA

Posted by Michael F. Starke on Dec 18, 2015 4:32:22 PM

Left in the Dark: When the Sun Sets Too Early

The Internet security landscape is constantly changing. Data drives the decisions that organizations make about their security posture; when that data is incomplete, forecasting the consequences of security changes becomes nearly impossible. Earlier this month, at the prompting of Symantec Corporation, Google removed trust for a legacy Verisign CA root certificate from its products, including the Android mobile operating system and the Chrome web browser.


Topics: SSL certificate, certificate research, root CA

Where Does My Heartbleed Now?

Posted by Chris Hickman on Apr 15, 2014 6:00:29 AM

Vulnerabilities tend to morph over time. Upon initial identification, researchers, companies, and experts tend to rush to offer opinions, sometimes factual and sometimes less so.


Topics: Heartbleed, private key ssl, expired digital certificate, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, private keys, OpenSSL, Heartbleed vulnerability, private key, SSL certificate, Azure PKI, PKI, PKI as a Service (PKIaaS), heartbleed bug, SSL bug, private key heartbleed, Heartbleed android, Blog, private keys vulnerable

1024-bit RSAs Days are Numbered

Posted by Ted Shorter on Jul 9, 2013 6:49:48 AM

In December of 2011, the CA/Browser Forum, composed of representatives from the major Certification Authorities such as Symantec, Comodo, GoDaddy, and DigiCert, as well as browser vendors such as Microsoft, Apple, Mozilla, and Opera, published a document called “Baseline Requirements for the Issuance and Management of Publicly Trusted Certificates.” This document outlines an agreed-upon set of minimum standards for SSL/TLS cert vendors.

One of these standards essentially calls for the elimination of certificates with 1024-bit RSA public keys by the end of 2013: any RSA-keyed certificate, even an end-entity (“subscriber”) certificate, that expires after Dec. 31, 2013, must have a key of at least 2048 bits. This is big news in some circles; a number of public cert vendors have had to change their procedures, and, more significantly, start migrating their customer bases to 2048-bit certs. Many started this process quite a while ago.


Topics: digital certificate, RSA cert length, apple, Symantec, Public Key Infrastructure, Comodo, certificate 2013, RSA certificate length, Industry Trends, DigiCert, SSL certificate, 1024-bit RSA, PKI, TLS cert, Microsoft PKI, digital certificate length, Blog, 1024 certificate length, cert length 2013, GoDaddy, Mozilla
