​Announcements & Articles

​Announcements & Articles

DigiCert Completes Acquisition of Symantec’s Website Security and Related PKI Solutions
Support : +1 (508)-532-8773 Country India

​Announcements & Articles

​DigiCert Completes Acquisition of Symantec’s Website Security and Related PKI Solutions

Home / ​​​DigiCert Completes Acquisition of Symantec's website security

DigiCert acquired Symantec under the terms of the agreement, $950 million acquisition of Symantec Website Security and PKI solutions related to SSL/TLS certificates business received in upfront cash proceeds and approximately 30% stake in the common stock equity of DigiCert.

DigiCert completes acquisition of Symantec’s certificate authority business on 31st October. The deal to acquire Symantec’s Website Security and Related PKI Solutions was first announced on August 3rd. DigiCert is a leading provider of scalable identity and encryption solutions.

Speaking on this occasion DigiCert CEO John Merrill said, “Today starts an exciting era for the current customers and partners of both Symantec and DigiCert, For Symantec customers, they can feel assured that they will have continuity in their website security and that we will provide a smooth transition. Our customers and partners will benefit from our accelerated investment in products and solutions for SSL, PKI, and IoT. DigiCert will also lead to shape PKI security standards through our participation in industry standards bodies to ensure our customers stay at the forefront of security practices. DigiCert is prepared for this opportunity.”

“The addition of Symantec Web PKI solutions to DigiCert will provide a customer experience that is second to none. We are excited for Symantec customers to benefit from solutions that help advance and strengthen website security,” said Greg Clark, Symantec CEO. “We expect Symantec and DigiCert customers to benefit from focused investment in the next generation of security solutions for our respective customers, and today’s action helps advance this important objective”

This acquisition will bring together the best minds in the industry and provide customers a reinforced technology platform, unparalleled customer support, and cutting-edge innovations. DigiCert will continue its operations from its headquarters at Lehi, Utah with a combined strength of around 1,000 professionals.

What Symantec Customers Can Expect

DigiCert has a strong reputation in the industry for being fast, reliable and excellent customer support. Symantec customers can experience this DigiCert’s service in addition to industry-leading OCSP response times, and award-winning PKI and IoT management platforms.

DigiCert’s platform is highly scalable and is designed for high-volume deployments for SSL and IoT and stress tested for billions of certificates. DigiCert will be able to continue providing industry-leading issuance times, even with the added Symantec Website Security business.

What DigiCert Customers Can Expect

Since announcement to acquire Symantec Website Security in the month of August 2017, DigiCert has focused to work on fixing the browser requirements for Symantec issued certificates and plans to replace with affected certificates for free and without disturbing to ongoing customer business in order to ensure continued trust.

“DigiCert is well positioned for this opportunity,” said Jody Cloutier, former senior program manager, Microsoft Cryptographic Ecosystem. “During my time at Microsoft managing the root store program, I always found DigiCert to be committed to advancing online trust. I expect that this acquisition will lead to increasing investments in new platforms and products that will benefit customers.”

DigiCert look forward to building a big security company and supporting all of Symantec’s Website Security and PKI solutions and their customers well into the future.

What DigiCert Customers Can Expect

The addition of Symantec’s Website Security to DigiCert brings together the best talent in the industry which will further the efforts to reinforce the SSL, PKI, and IoT based solutions.

Since announcement to acquire Symantec Website Security in the month of August 2017, DigiCert has focused to work on fixing the browser requirements for Symantec issued certificates and plans to replace with affected certificates for free and without disturbing to ongoing customer business in order to ensure continued trust.

“DigiCert is well positioned for this opportunity,” said Jody Cloutier, former senior program manager, Microsoft Cryptographic Ecosystem. “During my time at Microsoft managing the root store program, I always found DigiCert to be committed to advancing online trust. I expect that this acquisition will lead to increasing investments in new platforms and products that will benefit customers.”

DigiCert look forward to building a big security company and supporting all of Symantec’s Website Security and PKI solutions and their customers well into the future.

​What Acmetek Can Offer Its Customers & Partners?

Acmetek will be able to offer an even wider range of solutions from both Symantec and DigiCert. Current Symantec customers can continue to order and purchase certificates the same way they always have. In addition, they can still use existing Symantec management tools. Account management contacts, existing contracts, brands, and validity periods for certificates will remain the same, as does pricing as off now.

We are worked up about bringing together the best of what Symantec has to offer with DigiCert. Acmetek partners and customers are having amazing opportunities in terms of various advanced security solutions. With this acquisition is the best situation for all parties like DigiCert, Symantec clients, partners, and resellers. The SSL and PKI solutions platform have a great bright future with a new responsible leader in the website security industry.

We’ll keep on updating to our customers and partners for transmitting updates with regular communication for further questions. Acmetek has dedicated support team is standing by around-the-clock, ready to assist you with any questions or concerns you may have. Do you want to buy an SSL Certificates at low cost? Simply you can click on request a quote form to submit your requirements.

For the latest Acmetek news and updates, visit www.acmetek.com/announcements/ or follow us on Facebook @Acmetek and Twitter @Acmetek

About Us

Who is Acmetek

Become A Partner

SSL Certificate Free Trial

FaQ

Legal Repository

Sitemap

Support

​CSR Generation

​SSL Integrations

​SHA-2 Zone

​SSL Tools

​SSL Support Desk

​Blog

Location
USA Office:
Acmetek Global Solutions Inc,​6735 Salt Cedar Way,​Building 1, Suite 379, Frisco, TX 75034​Phone: ​ +1 (508)-532-8773
Asia / Pacific Office:
Acmetek SSL & AuthenticationSolutions Pvt.Ltd,Ace Krishna Prime, 304, Road No.1,​Lakshmi Nagar Colony,Kothapet,Hyderabad-500035,India.​Phone: 040-40023656
Contact Sales

​Request A Call

​Request Pricing

We Are Social

Follow the social journey for SSL Offers, Industry Announcements and Updates.

© 2019 Acmetek. All Right Reserved.

Google Chrome Will Mark HTTP Sites ‘Not Secure’ from July 2018 with the Release of Chrome 68
Support : +1 (508)-532-8773 Country India

​Announcements & Articles

Google Chrome Will Mark HTTP Sites ‘Not Secure’ from July 2018 with the Release of Chrome 68

Home / ​​​Google Chrome Will Mark HTTP Sites ‘Not Secure’

Google Chrome Will Mark HTTP Sites ‘Not Secure’ from July 2018 with the Release of Chrome 68

New Highlights:

​Google Chrome will start labelling all Non HTTP sites as "Not Secure"​The change will come with the Chrome 68 release in July 2018​Google’s Lighthouse tool, an open source app, helps developers run audits on web pages

​For the past several years, Google strongly advising webmasters (sites) to adopting HTTPS encryption. Google said that within the last year, they helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”.

As a part of this plan Google first rolled out with Chrome 58 when Google marked all HTTP pages as “Not Secure” if the web pages having password or payment credit card fields and the second stage with Chrome 62 version when Google marked all HTTP website pages opened in a private browsing windows as “Not Secure” and beginning in July 2018 with Chrome 68 release will mark all HTTP sites as “not secure” is the final stage.

​In a recent announcement, Google has confirmed that when users visit every HTTP websites on Chrome they will be flagged as "Not Secure" from July 2018 with the release of Chrome 68.

Developers have clearly heard the call, according to Google, the results of the efforts have been:

​Over 68% of Chrome traffic on both Android and Windows is now protected​Over 78% of Chrome traffic on both Chrome OS and Mac is now protected​81 of the top 100 sites on the web use HTTPS by default

​So it’s clear that HTTPS is the wave of the future when it comes to internet security.

Google Lighthouse Tool

Google itself has a Lighthouse tool is an open-source, automated tool for improving the quality of web pages. Google encourage websites to use HTTPS with its automated Lighthouse developer tool and other set-up guides to transition over.

​Take a Strategic Decision to Buying a Right SSL Certificate

Focus on choosing the right SSL Certificate for your business need. Before buying an SSL Certificate, you need to understand specific requirements to secure websites such as to protect Single Domain, Multiple Sub-Domains or Different websites. Move your website from HTTP to HTTPS with an SSL Certificate today!

If you want to know more how to protect your website and safeguard customer’s data? Please complete the form below to get more assistance from an Acmetek trusted security specialist advisor today!

​​What is Certificate Transparency?

Google’s Certificate Transparency is an open source project that aims to strengthen the SSL/TLS certificate system, which is the main cryptographic security system that underlies all HTTPS secure connections. It is a extra tier of certificate security that forms a Security Triad to ensure that clients navigating the internet are safe and secure in regards to web security.

What Is Certificate Transparency (CT)?

As the name implies, CT allows people on the internet to look at all certificates that have been issued by a Certificate Authority (CA). This is achieved using centralized logging to a collection of servers. These log servers talk to one another, to ensure consistency and reveal any unusual activity. Anyone can query the log servers to find out details on certificates that have been issued to anyone, by anyone. For example, a company could check to see what certificates have been created using its domains and details.

​In a nutshell, Certificate Transparency is a 3rd party auditing log required by Google/Chrome to display certificate ownership information.  The information is publicly audible.  Once the CT logging is enabled, that information will be public and can not be deleted from the log.  The following information appears in the CT log:

​Common Name​Subject alternative names​Organization name​CA (issuer) name​Serial number​Validity period​Extensions​Certificate chain

​*Note: that much of this information is already publicly available for external sites.

​The Security Triad:

If you haven’t noticed over the years all client web browsers have been implementing various security notifications regarding the safety of websites. Browser have become an Auditor of website security  and show notifications to clients when web-surfing.

These notifications will typically show green bars or  padlocks if everything is secure and safe.  Yellow exclamation marks to make client awareness that the website is not as secure as it can be. Lastly red strikes if the browser deems something that is considered unsafe for users. The notifications will vary from browser to browser, but in the end these are all just disclaimers to inform web visitors on the safety of the website. Anything can contribute to these browser notifications including outdated server software configurations, Mixed or Insecure Content, or the certificate running on the website.

Now with Certificate Transparency there is a Web Security Triad. Security is not just limited to the Certificate Authority (Monitor) and Client browser (Auditor) like it used to be. Here’s what’s going on now.

​CT is a middle logging system that holds a time-stamp of logs of the certificates that have been issued by the various CA’s.​The CA informs the Log Server of all certificates that get issued.​The CA Monitor and Browser Auditor work in conjunction with the CT Log Server to Monitor, and Audit logs for suspicious certs, and verify that all the certs issued are visible for the public community.​The Client browser Auditor verifies that the logs are behaving properly and informs  clients of anything suspicious that has happened in regards to certificate security.

​CT is something that happens behind the scenes and is pretty much unnoticeable to browser clients navigating the web, but with its implementation there is a faster response and a extra tier to client safety with navigating the web.

​For more information on Certificate Transparency feel free to visit Https://www.certificate-transparency.org

About Us

Who is Acmetek

Become A Partner

SSL Certificate Free Trial

FaQ

Legal Repository

Sitemap

Support

​CSR Generation

​SSL Integrations

​SHA-2 Zone

​SSL Tools

​SSL Support Desk

​Blog

Location
USA Office:
Acmetek Global Solutions Inc,​6735 Salt Cedar Way,​Building 1, Suite 379, Frisco, TX 75034​Phone: ​ +1 (508)-532-8773
Asia / Pacific Office:
Acmetek SSL & AuthenticationSolutions Pvt.Ltd,Ace Krishna Prime, 304, Road No.1,​Lakshmi Nagar Colony,Kothapet,Hyderabad-500035,India.​Phone: 040-40023656
Contact Sales

​Request A Call

​Request Pricing

We Are Social

Follow the social journey for SSL Offers, Industry Announcements and Updates.

© 2019 Acmetek. All Right Reserved.

What is certificate transparency
Support : +1 (508)-532-8773 Country India

​Announcements & Articles

​​​What is Certificate Transparency?

Home / ​​​What is Certificate Transparency?

​​What is Certificate Transparency?

Google’s Certificate Transparency is an open source project that aims to strengthen the SSL/TLS certificate system, which is the main cryptographic security system that underlies all HTTPS secure connections. It is a extra tier of certificate security that forms a Security Triad to ensure that clients navigating the internet are safe and secure in regards to web security.

What Is Certificate Transparency (CT)?

As the name implies, CT allows people on the internet to look at all certificates that have been issued by a Certificate Authority (CA). This is achieved using centralized logging to a collection of servers. These log servers talk to one another, to ensure consistency and reveal any unusual activity. Anyone can query the log servers to find out details on certificates that have been issued to anyone, by anyone. For example, a company could check to see what certificates have been created using its domains and details.

​In a nutshell, Certificate Transparency is a 3rd party auditing log required by Google/Chrome to display certificate ownership information.  The information is publicly audible.  Once the CT logging is enabled, that information will be public and can not be deleted from the log.  The following information appears in the CT log:

​Common Name​Subject alternative names​Organization name​CA (issuer) name​Serial number​Validity period​Extensions​Certificate chain

​*Note: that much of this information is already publicly available for external sites.

​The Security Triad:

If you haven’t noticed over the years all client web browsers have been implementing various security notifications regarding the safety of websites. Browser have become an Auditor of website security  and show notifications to clients when web-surfing.

These notifications will typically show green bars or  padlocks if everything is secure and safe.  Yellow exclamation marks to make client awareness that the website is not as secure as it can be. Lastly red strikes if the browser deems something that is considered unsafe for users. The notifications will vary from browser to browser, but in the end these are all just disclaimers to inform web visitors on the safety of the website. Anything can contribute to these browser notifications including outdated server software configurations, Mixed or Insecure Content, or the certificate running on the website.

Now with Certificate Transparency there is a Web Security Triad. Security is not just limited to the Certificate Authority (Monitor) and Client browser (Auditor) like it used to be. Here’s what’s going on now.

​CT is a middle logging system that holds a time-stamp of logs of the certificates that have been issued by the various CA’s.​The CA informs the Log Server of all certificates that get issued.​The CA Monitor and Browser Auditor work in conjunction with the CT Log Server to Monitor, and Audit logs for suspicious certs, and verify that all the certs issued are visible for the public community.​The Client browser Auditor verifies that the logs are behaving properly and informs  clients of anything suspicious that has happened in regards to certificate security.

​CT is something that happens behind the scenes and is pretty much unnoticeable to browser clients navigating the web, but with its implementation there is a faster response and a extra tier to client safety with navigating the web.

​For more information on Certificate Transparency feel free to visit Https://www.certificate-transparency.org

About Us

Who is Acmetek

Become A Partner

SSL Certificate Free Trial

FaQ

Legal Repository

Sitemap

Support

​CSR Generation

​SSL Integrations

​SHA-2 Zone

​SSL Tools

​SSL Support Desk

​Blog

Location
USA Office:
Acmetek Global Solutions Inc,​6735 Salt Cedar Way,​Building 1, Suite 379, Frisco, TX 75034​Phone: ​ +1 (508)-532-8773
Asia / Pacific Office:
Acmetek SSL & AuthenticationSolutions Pvt.Ltd,Ace Krishna Prime, 304, Road No.1,​Lakshmi Nagar Colony,Kothapet,Hyderabad-500035,India.​Phone: 040-40023656
Contact Sales

​Request A Call

​Request Pricing

We Are Social

Follow the social journey for SSL Offers, Industry Announcements and Updates.

© 2019 Acmetek. All Right Reserved.

​The FREAK Vulnerability
Support : +1 (508)-532-8773 Country India

​Announcements & Articles

​The FREAK Vulnerability

Home / ​The FREAK Vulnerability

​The FREAK Vulnerability

​The FREAK Vulnerability, What is happening?

​A new SSL/TLS vulnerability named “FREAK” was identified by several security researchers. This threat allows an attacker to get between a client and server and view what is intended to be a secure and private communication. The vulnerability is primarily due to a bug in OpenSSL client software, but only exploitable on poorly-configured web servers. Both clients and servers are at risk. Website owners can protect their sites by properly configuring their web servers by removing affected ciphers and restarting their servers. Note: That this vulnerability is not related to SSL certificates. Your existing certificate will continue to work as intended. No certificate replacement is needed.

​Why should a Acmetek Customer or Partner care?

​Customer webservers may be vulnerable to this issue. Organizations should evaluate their web servers to determine if they are vulnerable. Symantec offers an easy-to-use check in its SSL Toolbox to allow customers to easily verify that their web sites are safe or vulnerable.

​What Acmetek Customers Must Do?

It’s relatively easy to determine if a website is vulnerable, and if so, it’s relatively easy to change the configuration to block any possible attacks. Any type of web server (Apache, IIS, nginx, etc.) may be vulnerable if its configuration allows the use of so-called Export Ciphers. In Apache/OpenSSLdocumentation, for example, the names of these ciphers all begin with EXP (from https://httpd.apache.org/docs/2.4/mod/mod_ssl.html):

​EXP-DES-CBC-SHAEXP-RC2-CBC-MD5EXP-RC4-MD5EXP-EDH-RSA-DES-CBC-SHAEXP-EDH-DSS-DES-CBC-SHAEXP-ADH-DES-CBC-SHAEXP-ADH-RC4-MD5

​If a customer’s web server supports these ciphers, the customer must reconfigure the web server by removing these ciphers from the list of supported ciphers, and restart the web server. Although not related to this vulnerability, customers should also disable null ciphers if they are supported, since such ciphers do not provide any encryption of the SSL stream:

NULL-SHA

NULL-MD5

​In Windows, the names of export ciphers contain the string “EXPORT”. Here is a list taken from

http://support.microsoft.com/kb/245030:

SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA

SSL_RSA_EXPORT1024_WITH_RC4_56_SHA

SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5

SSL_RSA_EXPORT_WITH_RC4_40_MD5

TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA

TLS_RSA_EXPORT1024_WITH_RC4_56_SHA

TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5

TLS_RSA_EXPORT_WITH_RC4_40_MD5

NULL

We advise customers to consult their web server documentation to determine how to view the list of supported ciphers, and how to disable certain ciphers.

Frequently Asked Questions:

Q : How critical is this vulnerability?

​A : ​This vulnerability appears to be as slightly less critical than POODLE. Although an attack is difficult to carry out it is important for people prioritize this patch.

Q : What should customers do? 

A : Customers should remove the above listed affected ciphers (if they are supported by their web server) and restart their web server.

Q: ​Do SSL certificates have to be replaced?

A : ​No, this is not required.

About Us

Who is Acmetek

Become A Partner

SSL Certificate Free Trial

FaQ

Legal Repository

Sitemap

Support

​CSR Generation

​SSL Integrations

​SHA-2 Zone

​SSL Tools

​SSL Support Desk

​Blog

Location
USA Office:
Acmetek Global Solutions Inc,​6735 Salt Cedar Way,​Building 1, Suite 379, Frisco, TX 75034​Phone: ​ +1 (508)-532-8773
Asia / Pacific Office:
Acmetek SSL & AuthenticationSolutions Pvt.Ltd,Ace Krishna Prime, 304, Road No.1,​Lakshmi Nagar Colony,Kothapet,Hyderabad-500035,India.​Phone: 040-40023656
Contact Sales

​Request A Call

​Request Pricing

We Are Social

Follow the social journey for SSL Offers, Industry Announcements and Updates.

© 2019 Acmetek. All Right Reserved.

SSLv2 – The “Drown” Attack
Support : +1 (508)-532-8773 Country India

​Announcements & Articles

​SSLv2 – The “Drown” Attack

Home / ​​​​SSLv2 – The “Drown” Attack

​SSLv2 – The “Drown” Attack

​Just recently there has been a lot of news regarding a vulnerability with SSLv2 (SSL2.0) and what has been named the Drown Attack. You will see articles saying “Drown Attack effects over 1/3 of the worlds websites, ” “No one is secure on the internet anymore,”  More than a Million sites effected!” etc.. the list goes on and on.

Allow me to calm some fears you may have..

Unless your have NOT touched your server system since 2011 then don’t worry. SSLv2 which was created back in 1995 was considered an obsolete protocol back in 2011, and more than likely you are not using it. Because the following…

​Browsers such as Chrome have by default put a stop to the use of this protocol as default on their browsers since 2011.​You would have seen errors within your browser regarding the use of this the SSLv2 protocol running on the website, and would have turned this protocol off already.​Every couple of years a Digital Certificate gets updated on server systems that is part of encryption, and during this time you probably used a certificate checker to see if everything is ok. That SSL Checking tool more than likely told you that status of that server system and would have made you aware of SSLv2 being obsolete years ago.​If you are PCI compliant then you are not using SSLv2, or any SSL protocol for that matter.

The DROWN stands for Decrypting Rsa with Obsolete and Weakened eNcryption and it allows attackers to break the encryption enabling that hacker  to read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data.

On March 01, 2016, The United States Computer Emergency Readness Team (US-Cert) released this on their website. 

Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability – referred to as DROWN in public reporting – may allow a remote attacker to obtain the private key of a server supporting SSLv2.

US-CERT encourages users and administrators to review Vulnerability Note VU#583776 and the US-CERT OpenSSL Current Activity for additional information and mitigation details.

So this really shouldn’t be news since SSLv2 was considered obsolete back in 2011. It was bound to happen sooner or later.

If you do happen to be effected by SSLv2 or would like to double check Qualys has an amazing SSL checking tool that goes deep into the health of a server system. SSLSupportDesk.com has a great article on how to use and read this checker featured here. 

​More information can be found https://drownattack.com/

About Us

Who is Acmetek

Become A Partner

SSL Certificate Free Trial

FaQ

Legal Repository

Sitemap

Support

​CSR Generation

​SSL Integrations

​SHA-2 Zone

​SSL Tools

​SSL Support Desk

​Blog

Location
USA Office:
Acmetek Global Solutions Inc,​6735 Salt Cedar Way,​Building 1, Suite 379, Frisco, TX 75034​Phone: ​ +1 (508)-532-8773
Asia / Pacific Office:
Acmetek SSL & AuthenticationSolutions Pvt.Ltd,Ace Krishna Prime, 304, Road No.1,​Lakshmi Nagar Colony,Kothapet,Hyderabad-500035,India.​Phone: 040-40023656
Contact Sales

​Request A Call

​Request Pricing

We Are Social

Follow the social journey for SSL Offers, Industry Announcements and Updates.

© 2019 Acmetek. All Right Reserved.

​Encryption Standards Require Replacing SHA1 With SHA2 Certificates
Support : +1 (508)-532-8773 Country India

​Announcements & Articles

​Encryption Standards Require Replacing SHA1 With SHA2 Certificates

Home / ​​​​​Encryption Standards Require Replacing SHA1 With SHA2 Certificates

​What is SHA1 and why is it being depreciated?

​Security always needs to be a proactive campaign. Not updating or keeping up with the progress of technology will open doors in security and will leave businesses open to be hacked.

​SHA1 was the Algorithm that was used to create and sign encryption keypairs that are used to scramble data on websites, and applications. SHA1 was a replacement for MD5, and now SHA2 is the replacement for SHA1. 

 The CA/Browser Forum, is the governing entity of leading web browsers and certificate authorities (CAs) working together to stay proactive with security and publish their Baseline Requirements for SSL regarding the security standards of the web industry. These Requirements recommend that all CAs transition away from SHA-1 as soon as possible, and to discontinuing issuing SHA1 public facing certificates. The reason being that due to the progress of technology this old algorithm is on the verge of being exploited. 

Browser’s like Internet Explorer,  Firefox and Chrome are inforcing these standards but placing errors within their browsers associated with these standards. According to Google’s “Gradually Sunsetting SHA-1”, Chrome version 39 and later will display visual security indicators on sites with SHA-1 SSL certificates with validity beyond January 1, 2016.

In short:

Most browsers will not trust certificates that use SHA1 After 12/31/2016.

If you do not want to get an error on your website you will have to replace that old SHA1 certificate with a newer SHA2. 

How to Replace your old SHA1 certificate with SHA2?

​To do List:

​Identify certificates that have a SHA-1 algorithm. Since the standard is already in effect you would definitely know if you still have a SHA1 certificate from the browser errors you would be getting in chrome.​Contact your Certificate Authority for procedures in replacing any SHA-1 certificates with the SHA-2 certificates.Note: If your SSL certificate was issued through Acmetek Click HERE.​Install your new SHA2 SSL Certificate to your server.​Test your SSL installation by using an SSL Checker.

​These standards are always changing. Especially with how fast new technologies are coming out. SSL Certificates are a method of enforcing industry standards to make a more secure internet for everyone.

About Us

Who is Acmetek

Become A Partner

SSL Certificate Free Trial

FaQ

Legal Repository

Sitemap

Support

​CSR Generation

​SSL Integrations

​SHA-2 Zone

​SSL Tools

​SSL Support Desk

​Blog

Location
USA Office:
Acmetek Global Solutions Inc,​6735 Salt Cedar Way,​Building 1, Suite 379, Frisco, TX 75034​Phone: ​ +1 (508)-532-8773
Asia / Pacific Office:
Acmetek SSL & AuthenticationSolutions Pvt.Ltd,Ace Krishna Prime, 304, Road No.1,​Lakshmi Nagar Colony,Kothapet,Hyderabad-500035,India.​Phone: 040-40023656
Contact Sales

​Request A Call

​Request Pricing

We Are Social

Follow the social journey for SSL Offers, Industry Announcements and Updates.

© 2019 Acmetek. All Right Reserved.

GoDaddy & Let’s Encrypt Causes Security Concerns and Leaks.
Support : +1 (508)-532-8773 Country India

​Announcements & Articles

​GoDaddy & Let’s Encrypt Causes Security Concerns and Leaks

Home / ​​​​GoDaddy & Let’s Encrypt Causes Security Concerns and Leaks.

​​GoDaddy & Let’s Encrypt Causes Security Concerns and Leaks.​

​GoDaddy last week has begun the process of re-issuing SSL certificates for more than 6,000 customers after a bug was discovered with there DV (Domain Validated) automated registrar’s validation process. This automated process of getting a certificate is one of the fastest ways of getting a validated digital certificate used to encrypt and validate websites or networks.

“GoDaddy inadvertently introduced the bug during a routine code change intended to improve our certificate issuance process. ” “The bug caused the domain validation process to fail in certain circumstances.” Thayer VP and General Manager of Security Products at GoDaddy said in a statement.

When we hear terms such as “Improve Certificate Issuance Process” it usually means make things faster, or more automated. Keep in mind that GoDaddy is not a security company they are into hosting. Being a Certificate Authority (CA) is just a by product of the service they provide. The issue exposed sites running SSL certs from GoDaddy to spoofing where a hacker could gain access to certificates and pose as a legitimate site. Enabling a hacker the spread of malware, or steal personal information such as Banking login credentials. This move to “Improve” a certificate issuance comes from fear from a new free CA that has debut called Let’s Encrypt.

Let’s Encrypt is a free, automated, and open CA brought to you by the non-profit Internet Security Research Group (ISRG). The move for this free automated process is to help the industry migrate to enable HTTPS(SSL/TLS) for websites in the most user friendly way possible. It is meant to significantly lower the complexity of setting up and maintaining TLS encryption.

Features of Let’s Encrypt.

​Let’s Encrypt issues Only domain-validated certificates, since they can be fully automated. Organization Validation and Extended Validation Certificates are not available.​Let’s Encrypt issues certificates valid for 90 days. Their reason is that these certificates “limit damage from key compromise and mis-issuance” and encourage automation. The official certbot client and most of the third-party clients allow automation of the certificate renewal.​Only Open Source Linux systems are capable with Lets’Encrypt automation.​No wildcard functionality (currently).​Elimination of payment, web server configuration, validation email management and certificate renewal tasks.

The Ugly/Disadvantages:

​One disadvantage that makes big companies Not consider Let’s Encrypt is that visitors that connect to the site can’t be sure that it is the actual company that hosts the site. This is because Let’s Encrypt issues DV certificates for a domain free of charge without identity validation (personal or corporate)​Automatic renewal of these certificates tends to lead IT admins to neglect security upkeep’s on there systems. Majority of the time when an admin is made to visit a system due to a certificate needing an update they discover that they are out of compliance with needed patches and configurations. This can lead to backdoor hacking due to dated software and standards if left untouched.​The free cost of these certificate allows hackers to achieve a certificate. The potential for Let’s Encrypt being abused by those who can freely get these certificates are very present. Hackers tend to not want to spend money to achieve their goals.

Any technology that is meant for good can be abused by cyber criminals, and digital certificates like those of Let’s Encrypt’s are no exception. This trust system can be abused. There is one reported case where an attacker/malvertiser was able to perform a technique called “domain shadowing.” Domain shadowing is when the attacker is able to create sub domains under the legitimate site. With an embedded advertisement on a website an end user could click on a malicious add thinking that they are visiting an alternate page. In reality though they have been lead to the hackers malvertising server which could download a trojan or Randsomeware into that users system. A certificate authority that automatically issues free certificates specific to these sub-domains may inadvertently help cyber criminals, all with the domain owner being unaware of the problem and unable to prevent it.

​Domain-validation certificates only confirm that the relevant domain is under the control of the site recipient. In theory, this will not validate the identity of the recipient. End users that visit these sites are unaware of the nuances of certificates may miss the differences, and as a result, these DV certificates can help the hacker gain legitimacy with the public. There is nothing wrong with the procurement of a DV certificate. Depending on the circumstances DV is advised for internal networks when there is a need for a quick cost effective resolution. Security is always is a Pro-Active industry. Cutting corners and making things easy for the sake of convenience is a double edge sword, and could lead to a loss of business and good reputation. Needless to say approach with caution.

About Us

Who is Acmetek

Become A Partner

SSL Certificate Free Trial

FaQ

Legal Repository

Sitemap

Support

​CSR Generation

​SSL Integrations

​SHA-2 Zone

​SSL Tools

​SSL Support Desk

​Blog

Location
USA Office:
Acmetek Global Solutions Inc,​6735 Salt Cedar Way,​Building 1, Suite 379, Frisco, TX 75034​Phone: ​ +1 (508)-532-8773
Asia / Pacific Office:
Acmetek SSL & AuthenticationSolutions Pvt.Ltd,Ace Krishna Prime, 304, Road No.1,​Lakshmi Nagar Colony,Kothapet,Hyderabad-500035,India.​Phone: 040-40023656
Contact Sales

​Request A Call

​Request Pricing

We Are Social

Follow the social journey for SSL Offers, Industry Announcements and Updates.

© 2019 Acmetek. All Right Reserved.

CA/Browser Forum Passes Ballot 193 – 825 day Certificate Lifetimes
Support : +1 (508)-532-8773 Country India

​Announcements & Articles

​CA/Browser Forum Passes Ballot 193 – 825 day Certificate Lifetimes

Home / ​CA/Browser Forum Passes Ballot 193 – 825 day Certificate Lifetimes

​​CA/Browser Forum Passes Ballot 193 – 825 day Certificate Lifetimes

The Certificate Authority Browser Forum, Also known as CA/Browser Forum, is a voluntary consortium of Certificate Authorities such as Symantec, Digicert, Comodo, and tech Operating System makers such as Apple, Mozilla, Microsoft, etc.. decide the fate of security on the internet. The CA/Browser Forum purpose is to be proactive, and keep the internet secure for users and businesses all over the world.

​The CA/Browser Forum recently passed Ballot 193 will effect all Certificate Authorities and those who manage SSL/ TLS Certificates. Effective almost immediately (April 22, 2017).

Effective April 22, 2017 - Reduces the length of time that authenticate information can be re-used to authenticate subsequent certificate, from 39 months (3 years 2 months) to 27 months (825 days / 2 years) New, Renewal and Replacement certificates will be subject to this change. This seems a little abrupt and might be changed in order for the CA’s to prepare for this new standard but should not effect the majority of clients while this transition is taking place.​Effective March 1, 2018 - Decreases the maximum validity period of SSL/TLS Certificate to 27 months (825 days). Eventually there will be no more three year option. No certificate after this date can have a validity passed 27 months.

Things to know:

Authentication:

Existing certificates:

​Are not effected. The authentication work is already complete and no action is necessary.​Reissue (replacement) of your SSL Certificate:​DV (Domain Validated Certificates) – DV certificate reissues such a Quick SSL or Rapid SSL Products currently undergo domain validation; this there is no impact to DV certificate reissues. Reissued 3rd certificates after March 1 2018​OV (Organization Validation) – Some OV reissues for products like True ID or Secure Site may not instantly issue in the event that the authenticated data used to approve the original certificate is older than 825 days or is otherwise no longer valid. In some cases, reissues will undergo authentication, though many reissue will continue to be instantly issued. Typically 3 year certificate may be effected by this revalidation and not get automatically reissued.​EV (Extended Validation) – EV reissues are not impacted due to their already 2 year 825 validity day nature.​Renewal certificates:​Certificate renewal will continue to leverage existing authentication and automation whenever possible, and in many cases will be quickly approved.​With the shorter validity of authentication data (27 months), renewals will require more frequent authentications.​With the shorter validity period network admins will have visit their server & networks more frequently for CSR generation and SSL installation.

​Technical:

Reissues/Replacements​​Since the technical validity of a certificate after the date of March 1, 2018 can only have a 27 month / 825 day lifespan if for whatever reason a reissue is needed the certificate may have time removed from their certificate.​Example: If an Admin gets a new/renewed 3 year certificate on February 29th 2018 and needs to perform a reissue due to a technical matter we could see a certificate cut to 27 months instead of 37 months.Note: Due to this technicality Acmetek will be proactive and will put a stop to 3 year certificate enrollments to closer the deadline approaches to prevent this scenario the best we can.

​To keep up with the progress of technology the CA/Browser Forum is always coming up with new industry standards. These standards guide and move the internet to a more safer and secure environment for its users. Information regarding the CA/B Forum on is always made publically available at cabforum.org

About Us

Who is Acmetek

Become A Partner

SSL Certificate Free Trial

FaQ

Legal Repository

Sitemap

Support

​CSR Generation

​SSL Integrations

​SHA-2 Zone

​SSL Tools

​SSL Support Desk

​Blog

Location
USA Office:
Acmetek Global Solutions Inc,​6735 Salt Cedar Way,​Building 1, Suite 379, Frisco, TX 75034​Phone: ​ +1 (508)-532-8773
Asia / Pacific Office:
Acmetek SSL & AuthenticationSolutions Pvt.Ltd,Ace Krishna Prime, 304, Road No.1,​Lakshmi Nagar Colony,Kothapet,Hyderabad-500035,India.​Phone: 040-40023656
Contact Sales

​Request A Call

​Request Pricing

We Are Social

Follow the social journey for SSL Offers, Industry Announcements and Updates.

© 2019 Acmetek. All Right Reserved.

SSL Installation Instructions (All Systems)
Support : +1 (508)-532-8773 Country India

​Announcements & Articles

​SSL Installation Instructions (All Systems)

Home / ​SSL Installation Instructions (All Systems)

​SSL Installation Instructions (All Systems)

After your certificate has been issued like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. This is because your private key will always be left on the server system where the CSR was originally created. It will be either in the application or left somewhere on a directory and path you choose when you generated the CSR. Your SSL certificate will not work without this private key file.

If you do not see your server listed perform a search, or you may have to contact your server vender or hosting provider for best practices on how to install a SSL certificate on your system.

​Check your SSL installation with the Symantec Certificate Checker 

​Instructions for server vendors:

A:

Apache (OpenSSL/Nginx, ModSSL)

Apple Mac OS x 10.6Apple Mac OS x 10.11

Aruba ClearPass

B:

Barracuda SSL VPN

C:

Citrix Netscaler

Cisco ASA 5510Cisco Wireless LAN Controller

cPanel

F:

F5 BIG IPF5 FirePassFortiGate

I:

IBM AS/400 iSeriesIBM WebSphere

J:

Juniper

JBoss http

JBoss Tomcat using x509 JBoss Tomcat pkcs7

K:

Kemp 6.x

M:

Microsoft Azure

Microsoft Active Directory LDAP

Microsoft Exchange 2010Microsoft Exchange 2013

Microsoft ForefrontMicrosoft Sever 2008 – IIS 7 & 7.5Microsoft Server 2012 – IIS 8 & 8.5

Microsoft Lync

Microsoft Office 365

Microsoft Sharepoint 2010Microsoft Sharepoint 2013

O:

Oracle Wallet Manager

P:

Plesk 11.xPlesk 12

S:

SonicWall

SAP Web Application Server

SRT Titain FTP

T:

Tomcat pkcs7 Tomcat x509

W:

Web Host Manager (WHM)

​Z:

Zimbra

About Us

Who is Acmetek

Become A Partner

SSL Certificate Free Trial

FaQ

Legal Repository

Sitemap

Support

​CSR Generation

​SSL Integrations

​SHA-2 Zone

​SSL Tools

​SSL Support Desk

​Blog

Location
USA Office:
Acmetek Global Solutions Inc,​6735 Salt Cedar Way,​Building 1, Suite 379, Frisco, TX 75034​Phone: ​ +1 (508)-532-8773
Asia / Pacific Office:
Acmetek SSL & AuthenticationSolutions Pvt.Ltd,Ace Krishna Prime, 304, Road No.1,​Lakshmi Nagar Colony,Kothapet,Hyderabad-500035,India.​Phone: 040-40023656
Contact Sales

​Request A Call

​Request Pricing

We Are Social

Follow the social journey for SSL Offers, Industry Announcements and Updates.

© 2019 Acmetek. All Right Reserved.

Symantec/Digicert- Google Reissue
Support : +1 (508)-532-8773 Country India

​Announcements & Articles

​​Symantec / Digicert- Google Reissue

Home / ​Symantec / DigiCert - Google Reissue

​You May Have to Reissue your Certificate!!

Since announcing the acquisition, DigiCert has actively engaged with the security community to explore paths that address browser concerns about Symantec/Geotrust/Thawte/Rapidssl-issued certificates while balancing the SSL/TLS implementations currently deployed. 

Symantec-issued certificates impacted by browser timelines will need to be replaced to bring them under the new Digicert platform. These will be replaced at no cost to all certificates issued prior to December 1st 2017, and Digicert will work to ensure a smooth process. Many customers have already received information on certificate replacement, and more information will be forthcoming for affected parties.

Acmetek is currently working on a smooth transition for their clients and will be notified if they have an effected cert by this transition in the next couple of months. 

Things to know:

​This reissue only pertains to SSL Certificates where clients access websites/applications via Chrome. ​If your clients are not using Chrome you do NOT need to perform the reissue. ​Symantec/Geotrust/Thawte/Rapid SSL Certificates Issued Prior to December 1st 2017 will have to be reissued into the new chain hierarchy under the Digicert umbrella. ​All Certificates Issued after December 1st 2017 will automatically be placed under the Digicert umbrella new chain hierarchy.​All Certificates Renewed after December 1st 2017 will automatically be put under this new chain hierarchy.​These Reissues will allow your certificates to be trusted by all versions of Chrome.​Symantec Roots are NOT being removed.​This does not effect code signing or other non SSL products.​Newly issued 3 year certificates issued before Dec.1st and during 2017 must be reissued/renewed before Feb 1st 2018.​Max Deadline to have all certificates reissued, or renewed is August 1st 2018. Some Reissues may need to be re-authenticated depending on when the certificate was last issued.

Authentication Things to Know:

​Digicert has a more robust, modern, and quick Authentication platform. Please review Digicert’s Certificate Validation Process to know more. ​Initially, The biggest hold-ups that customers can control are:​DCV (Domain Confirmation Verification) for security the verification goes to the domain admin, not the cert admin.​The verification call (making sure someone is aware at the main number that there will be a verification call within the next 24 hours)​Having you provide the correct legally registered name for the organization to avoid Digicert having to ask for it later.​After initial Authentication has been processed…as long as the contact and organization info is the exact same.. Digicert will streamline the processing for future orders or Reissues. 

​If you already know your Symantec/Geotrust/Thawte/RapidSSL Issued SSL Certificate is effected you simply need to perform a free reissue of your current certificate order. Acmetek client’s will see a notification and eventually receive a communication on how to perform the reissue their SSL Partner Center.

About Us

Who is Acmetek

Become A Partner

SSL Certificate Free Trial

FaQ

Legal Repository

Sitemap

Support

​CSR Generation

​SSL Integrations

​SHA-2 Zone

​SSL Tools

​SSL Support Desk

​Blog

Location
USA Office:
Acmetek Global Solutions Inc,​6735 Salt Cedar Way,​Building 1, Suite 379, Frisco, TX 75034​Phone: ​ +1 (508)-532-8773
Asia / Pacific Office:
Acmetek SSL & AuthenticationSolutions Pvt.Ltd,Ace Krishna Prime, 304, Road No.1,​Lakshmi Nagar Colony,Kothapet,Hyderabad-500035,India.​Phone: 040-40023656
Contact Sales

​Request A Call

​Request Pricing

We Are Social

Follow the social journey for SSL Offers, Industry Announcements and Updates.

© 2019 Acmetek. All Right Reserved.

Location
USA Office:
Acmetek Global Solutions Inc,
​​707 Alexander Rd,
​​Princeton, New Jersey 08540, USA.
6735 Salt Cedar Way,
​Building 1, Suite 379, Frisco, TX 75034.
Asia / Pacific Office:
Acmetek SSL & Authentication Solutions Pvt.Ltd,
Ace Krishna Prime, 304, Road No.1,
Lakshmi Nagar Colony,Kothapet,
Hyderabad-500035,India.
Phone: 040-40023656
Contact Sales
We Are Social

Follow the social journey for SSL Offers, Industry Announcements and Updates.

Twitter
Linked In

© 2019 Acmetek. All Right Reserved.