Announcements & Articles
Stay informed about the Acmetek Announcements & Articles and more.
Google’s Certificate Transparency (CT) is an open source project that aims to strengthen the SSL/TLS certificate system, the main cryptographic security system underlying all HTTPS secure connections. It is an extra tier of certificate security that forms a Security Triad to keep clients navigating the internet safe and secure.
As the name implies, CT allows people on the internet to look at all certificates that have been issued by a Certificate Authority (CA). This is achieved using centralized logging to a collection of servers. These log servers talk to one another, to ensure consistency and reveal any unusual activity. Anyone can query the log servers to find out details on certificates that have been issued to anyone, by anyone. For example, a company could check to see what certificates have been created using its domains and details.
In a nutshell, Certificate Transparency is a third-party audit log required by Google/Chrome to display certificate ownership information. The information is publicly auditable. Once CT logging is enabled, that information is public and cannot be deleted from the log. The following information appears in the CT log:
*Note: Much of this information is already publicly available for external sites.
If you haven’t noticed, over the years all client web browsers have been implementing various security notifications regarding the safety of websites. Browsers have become auditors of website security and show notifications to clients while they surf the web.
These notifications typically show green bars or padlocks if everything is secure and safe, yellow exclamation marks to make the client aware that the website is not as secure as it could be, and red strikes if the browser deems something unsafe for users. The notifications vary from browser to browser, but in the end they are all just disclaimers that inform web visitors about the safety of the website. Many things can contribute to these browser notifications, including outdated server software configurations, Mixed or Insecure Content, or the certificate running on the website.
CT happens behind the scenes and is pretty much unnoticeable to browser clients navigating the web, but with its implementation there is a faster response and an extra tier of client safety when navigating the web.
For more information on Certificate Transparency, feel free to visit https://www.certificate-transparency.org
SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!
Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.
Become a Partner and create an additional revenue stream while we do the heavy lifting for you.
Server Gated Cryptography (SGC) certificates are used for maintaining a 128-bit connection irrespective of browser age. They are designed to step up the encryption to 128-bit.
With SHA-256 now the norm for all SSL certificates, the thawte product thawte SGC SuperCert will no longer be compatible. This is the reason why thawte announced they will discontinue their SGC SuperCert product in the 2nd quarter of 2015.
Acmetek recommends the SSL Web Server with EV as a suitable replacement certificate. An added benefit of this certificate is that it also offers the Green Bar at a similar cost.
Overview
The security environment is constantly changing as hackers become more sophisticated and your customers increasingly reach for mobile or tablet devices to carry out transactions online. Keeping up with the developments in malware and continuing to provide a secure and trustworthy experience for your customers is vital.
As a leader in SSL security, Symantec is always working on new solutions that help your business to anticipate and meet increasing security demands, and provide a safe environment for your customers.
Harnessing the latest technology, Symantec SSL certification with ECC is an easy way for your business to address the impending move to 2048-bit encryption and benefit from the explosion in mobile device and tablet use. ECC is a U.S. government-approved and National Security Agency-endorsed encryption method that offers your business enhanced security and better performance than current encryption.
Better Performance, Stronger Security with the ECC Algorithm
Elliptic Curve Cryptography (ECC) creates encryption keys based on the idea of using points on a curve to define the public/private key pair. It is difficult to break using the brute force methods often employed by hackers and offers a faster solution with less computing power than RSA-based encryption.
Key Benefits
Compatibility
We know that keeping up with security requirements, compliance and threats can be difficult, and that’s why Symantec creates solutions that will make protecting your business easier.
Symantec’s ECC roots have been available in the top three browsers since 2007, so Symantec’s ECC certificates will work in your existing infrastructure as long as modern browsers are used.
Why Acmetek?
Acmetek is a Symantec Website Security Solutions Authorized Distributor and a Platinum Partner. Our certificates include certificate management, vulnerability assessment, malware scanning, and life time support for the certificate. You also get the Norton Secured Seal and Symantec Seal-in-Search to assure customers that they are safe when they search, browse or buy on your websites.
Rest easy knowing your website is protected by the #1 choice for SSL security. Symantec SSL Certificates secure more than one million web servers worldwide, more than any other Certificate Authority. In fact, 97 of the world’s 100 largest SSL-using banks and 81% of the 500 biggest e-commerce sites in North America use SSL Certificates from Symantec.
How to get SSL Certificates with ECC from Acmetek?
Symantec Premium SSL Certificates, Secure Site Pro and Secure Site Pro with EV, now give you the option of using the high security ECC algorithm (included free) to deliver stronger security than standard encryption methods while improving performance.
Visit the Symantec Secure Site Pro pages to sign up for a certificate or renew your current subscription.
or
Become a Partner and create additional revenue stream while we do the heavy lifting for you.
A new SSL/TLS vulnerability named “FREAK” was identified by several security researchers. This threat allows an attacker to get between a client and server and view what is intended to be a secure and private communication. The vulnerability is primarily due to a bug in OpenSSL client software, but is only exploitable against poorly configured web servers. Both clients and servers are at risk. Website owners can protect their sites by properly configuring their web servers: removing the affected ciphers and restarting the servers. Note: This vulnerability is not related to SSL certificates. Your existing certificate will continue to work as intended. No certificate replacement is needed.
Customer web servers may be vulnerable to this issue. Organizations should evaluate their web servers to determine if they are vulnerable. Symantec offers an easy-to-use check in its SSL Toolbox that lets customers verify whether their websites are safe or vulnerable.
It’s relatively easy to determine if a website is vulnerable, and if so, it’s relatively easy to change the configuration to block any possible attacks. Any type of web server (Apache, IIS, nginx, etc.) may be vulnerable if its configuration allows the use of so-called Export Ciphers. In the Apache/OpenSSL documentation, for example, the names of these ciphers all begin with EXP (from https://httpd.apache.org/docs/2.4/mod/mod_ssl.html):
EXP-DES-CBC-SHA
EXP-RC2-CBC-MD5
EXP-RC4-MD5
EXP-EDH-RSA-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EXP-ADH-DES-CBC-SHA
EXP-ADH-RC4-MD5
If a customer’s web server supports these ciphers, the customer must reconfigure the web server by removing these ciphers from the list of supported ciphers, and restart the web server. Although not related to this vulnerability, customers should also disable null ciphers if they are supported, since such ciphers do not provide any encryption of the SSL stream:
NULL-SHA
NULL-MD5
In Windows, the names of export ciphers contain the string “EXPORT”. Here is a list taken from
http://support.microsoft.com/kb/245030:
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
NULL
We advise customers to consult their web server documentation to determine how to view the list of supported ciphers, and how to disable certain ciphers.
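The naming rules above can be turned into a configuration check. The following is an added example, not code from Symantec, Acmetek or the Apache project: it reads Apache `SSLCipherSuite` and nginx `ssl_ciphers` directives, flags export and NULL ciphers that are explicitly enabled, and reports whether each class is permanently excluded with `!`. The sample configuration is constructed for illustration.

```python
import re

# OpenSSL cipher-string keywords that select export-grade or NULL ciphers.
EXPORT_KEYWORDS = {"EXP", "EXPORT", "EXPORT40", "EXPORT56"}
NULL_KEYWORDS = {"NULL", "eNULL"}
# Only these keywords remove a whole class when prefixed with "!".
CLASS_KEYWORDS = {"EXP": "export", "EXPORT": "export",
                  "NULL": "null", "eNULL": "null"}

# Apache (SSLCipherSuite) and nginx (ssl_ciphers) directives.
# Lines starting with "#" do not match, so commented-out settings are ignored.
DIRECTIVE = re.compile(
    r"^[ \t]*(?:SSLCipherSuite|ssl_ciphers)[ \t]+(.+?)[ \t]*;?[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)


def classify(name):
    """Return 'export', 'null' or None for one cipher name or keyword."""
    # OpenSSL names begin with EXP; Windows names contain EXPORT.
    if name in EXPORT_KEYWORDS or name.startswith("EXP-") or "_EXPORT" in name:
        return "export"
    if name in NULL_KEYWORDS or name.startswith("NULL-") or "_WITH_NULL_" in name:
        return "null"
    return None


def audit_cipher_string(cipher_string):
    """Audit one OpenSSL-style cipher string.

    enabled_weak   -- export/NULL ciphers added by name or keyword and not
                      cancelled by a "!" exclusion of their class
    export_blocked -- True if !EXP or !EXPORT is present
    null_blocked   -- True if !NULL or !eNULL is present
    When a class is not blocked, whether it is offered still depends on what
    the remaining keywords (ALL, DEFAULT, ...) expand to in the installed
    OpenSSL build, so treat False as "needs review".
    """
    candidates = []   # (kind, name) for weak tokens added without a prefix
    blocked = set()
    for token in re.split(r"[:, ]+", cipher_string.strip().strip("\"'")):
        if not token:
            continue
        prefix = token[0] if token[0] in "!-+" else ""
        name = token[len(prefix):]
        kind = classify(name)
        if kind is None:
            continue
        if prefix == "!" and name in CLASS_KEYWORDS:
            blocked.add(kind)          # "!" removes the class permanently
        elif prefix == "":
            candidates.append((kind, name))
        # "-" can be undone later and "+" only reorders: neither adds nor blocks
    enabled = [name for kind, name in candidates if kind not in blocked]
    return {
        "enabled_weak": enabled,
        "export_blocked": "export" in blocked,
        "null_blocked": "null" in blocked,
    }


def audit_config(text):
    """Return (cipher_string, audit_result) for every directive in a config."""
    return [(m.group(1), audit_cipher_string(m.group(1)))
            for m in DIRECTIVE.finditer(text)]


# Constructed sample configuration lines, for illustration only.
SAMPLE_CONFIG = """
# SSLCipherSuite EXP-RC4-MD5
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCipherSuite HIGH:!aNULL:!eNULL:!EXP:EXP-RC4-MD5
ssl_ciphers "HIGH:MEDIUM:EXP-DES-CBC-SHA:NULL-SHA";
"""

if __name__ == "__main__":
    for cipher_string, result in audit_config(SAMPLE_CONFIG):
        print(cipher_string, "->", result)
```

A directive is only clearly hardened when `enabled_weak` is empty and both `export_blocked` and `null_blocked` are true; the first sample line shows a string that never names an export cipher yet does not exclude the class either.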
Frequently Asked Questions:
Q: How critical is this vulnerability?
A: This vulnerability appears to be slightly less critical than POODLE. Although an attack is difficult to carry out, it is important for people to prioritize this patch.
Q: What should customers do?
A: Customers should remove the above listed affected ciphers (if they are supported by their web server) and restart their web server.
Q: Do SSL certificates have to be replaced?
A: No, this is not required.
OpenSSL has fixed a high-severity vulnerability that made it possible for attackers to obtain the key that decrypts HTTPS communications secured with an ephemeral, DSA-based Diffie-Hellman (DH) key exchange.
The OpenSSL Diffie-Hellman issue was assigned CVE-2016-0701 with a severity of High. This vulnerability could allow an attacker to force the peer to perform multiple handshakes using the same private Diffie-Hellman key component, meaning they could use this flaw to conduct man-in-the-middle attacks on the SSL/TLS connection.
OpenSSL released its Security Advisory regarding the fixes on 28-Jan-2016 on its website, OpenSSL.org.
OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. It is not on by default. If the option is not set then the server reuses the same private DH exponent for the life of the server process and would be vulnerable to this attack. It is believed that many popular applications do set this option and would therefore not be at risk.
OpenSSL 1.0.2 users should upgrade to 1.0.2f as stated in the security advisory. The patched download can be found here.
Fortunately, Diffie-Hellman key exchange has not been adopted by the mainstream industry, and more than likely users are not using DSA Diffie-Hellman ephemeral keys to perform their encryption. But the first line of defense to keep hackers at bay is to keep systems updated and not become stagnant in security.
Just recently there has been a lot of news regarding a vulnerability with SSLv2 (SSL 2.0) and what has been named the DROWN attack. You will see articles saying “DROWN attack affects over 1/3 of the world’s websites,” “No one is secure on the internet anymore,” “More than a million sites affected!” etc. The list goes on and on.
Allow me to calm some fears you may have.
Unless you have NOT touched your server system since 2011, don’t worry. SSLv2, which was created back in 1995, was considered an obsolete protocol back in 2011, and more than likely you are not using it. Because of the following…
DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption. It allows attackers to break the encryption, enabling them to read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data.
On March 01, 2016, the United States Computer Emergency Readiness Team (US-CERT) released this on their website:
Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability – referred to as DROWN in public reporting – may allow a remote attacker to obtain the private key of a server supporting SSLv2.
US-CERT encourages users and administrators to review Vulnerability Note VU#583776 and the US-CERT OpenSSL Current Activity for additional information and mitigation details.
So this really shouldn’t be news, since SSLv2 was considered obsolete back in 2011. It was bound to happen sooner or later.
If you do happen to be affected by SSLv2 or would like to double check, Qualys has an amazing SSL checking tool that goes deep into the health of a server system. SSLSupportDesk.com has a great article on how to use and read this checker, featured here.
More information can be found at https://drownattack.com/
As part of a long-term effort to simplify Symantec’s product range and ensure their offerings are relevant to the latest security needs, Symantec is discontinuing (End of Life) their Symantec Safe Site product as of March 2016.
Symantec Safe Site (formerly the VeriSign Trust Seal) is the stand-alone seal product which allows a user to display the seal without having to purchase an SSL certificate.
Note: There will be no impact on the Norton Secured Seal included in SSL certificate products.
What should I do?
In order to continue displaying the Norton Secured Seal on your website, you will need to purchase one of our Symantec SSL products. Any Symantec Safe Site customer who chooses not to upgrade will lose their existing Symantec Safe Site at the end of their current product’s term.
Why is Symantec discontinuing Symantec Safe Site?
Symantec wants to simplify their product range, so they plan to eliminate smaller products that have essentially become redundant. Symantec Safe Site has been marked as a product that is not essential in their range and can be discontinued. Symantec SSL offers the same Norton Secured Seal, plus additional features that more comprehensively protect websites and simultaneously project trust.
Does this affect the seal on any other products?
No, the seal for all other products will still be available. No changes will be made.
What will happen if I don’t want another product?
Customers will not be able to renew their Symantec Safe Site product once their term is complete, so at that time they will no longer have access to the Norton Secured Seal nor Malware Scanning.
We suggest you upgrade to Symantec SSL to continue reaping the benefits you clearly value from the Norton Secured Seal, in addition to the added website security that comes with an SSL certificate.
If you currently have an SSL certificate but are not displaying the Norton Secured Seal visit our SSLSupportDesk article: Norton Secured Seal Installation Instructions
Signed June 8th, 2015, memorandum M-15-13 was enacted by the Executive Office of the President. Also known as the HTTPS-Only Standard, it requires that all publicly accessible Federal websites and web services only provide service through a secure connection.
This is very important as unencrypted HTTP connections create a privacy vulnerability and expose potentially sensitive information about users of unencrypted Federal websites and services. Any data sent over HTTP is susceptible to interception, manipulation, and impersonation. This data can include browser identity, website content, search terms, and other user-submitted information.
“All browsing activity should be considered private and sensitive.”
Many commercial organizations have adopted HTTPS or implemented HTTPS-only policies to protect visitors to their websites and services. Users of Federal websites and services deserve the same protection, and the Federal Government needs to set a precedent that in this day and age Web Security is as important as the air we breathe.
Although the challenges are few, there are some considerations in implementing HTTPS that may have an effect on these Federal Government services.
Site Performance: While encryption adds some computational overhead, modern software and hardware can handle this overhead without substantial deleterious impact on server performance or latency.
Server Name Indication: The Server Name Indication (SNI) extension to SSL/TLS allows for more efficient use of IP addresses when serving multiple domains. However, these technologies are not supported by some legacy clients. An example of the server name carried in SNI, a Fully Qualified Domain Name (FQDN), would be www.energy.gov.
Mixed Content: Websites served over HTTPS need to ensure that all external resources (images, scripts, fonts, iframes, etc.) are also loaded over a secure connection. Modern browsers will refuse to load many insecure resources referenced from within a secure website. When migrating existing websites, this can involve a combination of automated and manual effort to update, replace, or remove references to insecure resources. For some websites, this can be the most time consuming aspect of the migration process.
APIs and Services: Web services that serve primarily non-browser clients, such as web APIs, may require a more gradual and hands-on migration strategy, as not all clients can be expected to be configured for HTTPS connections or to successfully follow redirects.
Planning for Change: Protocols and web standards improve regularly, and security vulnerabilities can emerge that require prompt attention. With that said, admins may have to upgrade their system topologies in order to meet this standard. Federal websites and services should also deploy HTTPS in a manner that allows for rapid updates to certificates and proper cipher choices.
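The automated part of the Mixed Content item above can look like the following added example, which is not part of the memorandum or of any Acmetek tooling. It parses a page that will be served over HTTPS and lists subresources that would still load over plain HTTP, split into active content (scripts, frames, stylesheets, plugins) and passive content (images, audio, video). The page URL and HTML are constructed sample input, and `<base href>` is assumed to be absent.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser fetch a subresource.
# Active content can change the whole page; passive content cannot.
ACTIVE = {("script", "src"), ("iframe", "src"), ("embed", "src"), ("object", "data")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}


class MixedContentFinder(HTMLParser):
    """Collect subresource references that resolve to http:// URLs."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, resolved_url) in document order

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; drop valueless attrs.
        attrs = {name: value for name, value in attrs if value}
        if tag == "link":
            # Only stylesheet links are fetched and applied to the page here;
            # rel="canonical" and similar are metadata and are not loaded.
            if "stylesheet" in attrs.get("rel", "").lower().split():
                self._check("active", tag, attrs.get("href"))
            return
        # <a href> is navigation, not a subresource, so it is never flagged.
        for name, value in attrs.items():
            if (tag, name) in ACTIVE:
                self._check("active", tag, value)
            elif (tag, name) in PASSIVE:
                self._check("passive", tag, value)

    def _check(self, kind, tag, value):
        if not value:
            return
        # Relative and scheme-relative (//host/path) URLs inherit the page's
        # scheme, so on an HTTPS page only explicit http:// URLs are flagged.
        resolved = urljoin(self.page_url, value.strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append((kind, tag, resolved))


def find_mixed_content(page_url, html):
    """Return the insecure subresources referenced by one HTML document."""
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page, for illustration only.
SAMPLE_URL = "https://www.agency.example/about/"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://static.agency.example/site.css">
<link rel="canonical" href="http://www.agency.example/about/">
<script src="//cdn.agency.example/app.js"></script>
<script src="http://cdn.agency.example/legacy.js"></script>
</head><body>
<img src="/images/seal.png">
<img src="http://images.agency.example/banner.jpg" />
<a href="http://other.agency.example/">Related site</a>
<iframe src="https://maps.agency.example/embed"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE_URL, SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```

Findings marked active are the ones to fix first, since browsers refuse to load them on an HTTPS page.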
One standard that has affected legacy systems and will need to be taken into account is the SHA2 standard, which followed from the SHA1 vulnerability that has taken effect in the commercial browser industry. For example, old Microsoft IIS6 (Server 2003) systems lack the ability to understand the SHA2 algorithm because the software is 12 years out of date. Federal web service admins should evaluate the feasibility of using technology to improve performance efficiency and may have to upgrade their infrastructure as soon as possible.
The Office of Management and Budget (OMB) affirms that tangible benefits to the American public outweigh the cost to the taxpayer. Implementation of Server Certificates with HTTPS will help fight unofficial or malicious websites claiming to be Federal services, and block hacker eavesdropping on communications with official U.S. government sites.
Acmetek Global Solutions, Inc. is very familiar with the standards of the industry and has the Managed PKI solutions and recommendations needed to assist Federal/State government agencies on matters of Web Network Security.
August 16, 2016 – End of Sale: Symantec will stop selling the ECA offering. No new ECA certificates will be issued.
August 16, 2016 – End of Renewal: Symantec will stop renewals for all the existing certificates.
August 17, 2017 – End of Life: All certificates will expire or are revoked. Symantec ECA operations will cease.
Symantec was certified by the United States Department of Defense (DoD) as a provider of External Certification Authority (ECA) digital certificates for government contractors, state and local governments and employees of foreign governments. ECA certificates enable secure on-line transactions with DoD agencies, digitally signing documents, and encrypting e-mail communications.
If you are not interacting with the Department of Defense then this will not affect you. This only affects those who do business with or work for the DoD digitally in order to gain access to DoD systems. If you do work for the DoD, ask the proper DoD IT security agent for more information. More than likely, though, you should have received some sort of information from a DoD entity if this directly affects you.
If you need more information and want to stay up to date on the Symantec ECA and its End of Life, visit
https://www.symantec.com/products/information-protection/eca-certificates
Symantec will be discontinuing the availability of its Digital ID for Secure Email offering. To ease this transition, Symantec is phasing out this offering as follows:
August 22, 2016 – End of Sale: Symantec will stop selling the Digital IDs offering. No new certificates will be issued.
August 23, 2017 – End of Life & End of Support: All certificates will expire or are revoked. Symantec Digital IDs for Secure Email support and operations will cease.
The retail versions of the Symantec Digital IDs for Secure Email did not accurately authenticate clients. When the Digital ID certificate would get issued Symantec placed “Persona Not Validated” in the Common Name field of these certificates because Symantec does not verify that the individual registering the email is indeed legally recognized by that name. Because this ID is not validated, to separate these certificates from those that are validated through a notary enrollment process, they are designated as not validated.
Example:
Authentication procedures cannot prove that the retail-enrolled person for the digital ID is indeed JON DOE with an email of likescheese@mailcom. This is why the common name of these certificates states “Persona Not Validated”.
Alternatively, customers can purchase an ENTERPRISE offering (NOT the RETAIL offering) to protect digital communication. These user-authenticated, notarized certificates accurately state the name of the user to whom they are issued because of validation checks that are performed within the enrolled organization.
Digital IDs for Secure Email (Class 1) Support can be found here, and any concerns can be addressed by sending an email to id-queries@symantec.com
Compromised email can mean loss of IP and damage to reputation. A digital ID is like an electronic driver’s license or passport that proves your identity. Digital IDs allow you to digitally sign and encrypt your digital communications using a certificate, bound to your validated email address.
Use Digital IDs to:
About SSLSupportDesk:
SSLSupportDesk is part of Acmetek who is a Symantec Website Security Solutions Authorized Distributor and a Platinum Partner. Acmetek offers all 4 Brands of SSL Certificates: Symantec, Thawte, GeoTrust and RapidSSL. Offering Norton Shopping Guarantee that inspires trust and increases online sales with a 20x ROI Guarantee.
Contact an SSL Specialist to buy your SSL Certificates from Acmetek, a Symantec Strategic/Platinum Distributor.
The term SSL certificate has been used for marketing purposes since the creation of digital certificates. SSL, just like TLS, is actually a protocol that utilizes a digital certificate’s keypair.
A digital certificate keypair by itself is nothing more than a placeholder of 2048 bits or greater and is needed in order to perform encryption and validation. A protocol, such as TLS or SSL, is the actual function that uses that keypair to start encryption. These protocols are set up and chosen on the server side by a server admin. Since TLS and SSL are protocol functions on the server and do not pertain to the digital certificate’s keypair, it is uncertain why the industry calls digital certificates SSL certificates. All SSL protocol versions that were available are now considered vulnerable, leaving only TLS until something better eventually comes along.
Because of the SSL marketing gimmick around the industry, and the lack of secure SSL protocols, there is now a lot of confusion flying around. Here are some examples:
“Since SSL Versions are vulnerable to Poodle attack. Is it possible to consider TLS 1.2 instead of SSL certificate?”
“We need to upgrade our SSL certificate to TLS 1.2”
“My certificate states it is an SSL certificate, but I asked for a TLS certificate. Did I do something wrong?”
A standard digital certificate can use both TLS and SSL because they are both protocols that are configured on the server. There is no such thing as an SSL certificate that will only work for the SSL protocol or a TLS certificate that will only work for the TLS protocol.
Remember that a digital certificate keypair is essentially just a bit placeholder for encryption. All mainstream digital certificates are essentially TLS/SSL because of the protocols that can use them.
Enrollment for Microsoft Authenticode/Office-VBA Code Signing is a fairly simple process, unlike Java Code Signing. But there are some steps that need to be explained and remembered in order to have a successful enrollment and certificate pickup.
Microsoft Authenticode/Office-VBA Code Signing is used to digitally sign 32-bit or 64-bit user-mode (.exe, .cab, .dll, .ocx, .msi, .xpi, and .xap files) and Windows kernel-mode software, as well as to digitally sign Microsoft Office VBA objects, macros, and third-party applications using VBA.
With your new Microsoft Code Signing certificate you will sign your Windows-based applications. For actual signing procedures, support and more information on how to code, contact Microsoft.
Getting a Java Code Signing certificate is more of a manual process compared to Microsoft Authenticode/Office-VBA Code Signing.
Java Code Signing is used for signing Java applications for desktops, digitally signing .jar files, and Netscape Object Signing. It is recognized by the Java Runtime Environment (JRE).
The following instructions are a supplemental guide to generating and configuring a keystore necessary for Java Code Signing. If you have not already done so, you will need to download the Java Software Development Kit (SDK) from Oracle. If you have any questions or need assistance in implementing the Java SDK, contact Oracle for the best support.
Unlike other types of code signing, in order to get a Java Code Signing Certificate you will need to use the keytool utility to create and configure a keystore (.jks). Keep your keystore safe and make backup copies. If you lose your keystore file or the password to access it, you will need to start from scratch by generating a new keystore and replacing the certificate.
This article will go over the following:
In order to create and configure your Keystore for Java Code Signing perform the following.
Step 1: Create a Keystore:
keytool -genkey -alias create_Privatkey_Alias -keyalg RSA -keystore path_and_create_KeystoreFilename.jks -keysize 2048
Step 2: Creating your CSR from your keystore:
Now that your keystore has been created, you can generate your CSR from it.
keytool -certreq -keyalg RSA -alias your_privatekey_alias -file your_csr_file.csr -keystore your_keystore_filename.jks
Your CSR for your Java Code Signing Certificate has been created and is ready for you to copy and paste its contents into the enrollment portal when enrolling for a Java Code Signing certificate.
Step 3: Picking up your Java Certificate:
Step 4: Installing your SSL certificate:
It is recommended that you keep your keystore, SSL certificate and keytool.exe in the same folder; otherwise you will need to specify the full file path when running the following commands. You may want to make a copy of your keystore in case there are issues with installation.
keytool -import -alias your_Privatekey_alias -trustcacerts -file your_SSL_Certificate.p7b -keystore your_keystorename.jks
If the installation is successful you will see “Certificate reply was installed in keystore”.
Your Java Certificate should now be installed and configured in its keystore. With this configured keystore you will sign your Java code.
For actual signing procedures and information on how to code, view Oracle's Tech notes on using Jarsigner.
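Steps 1 to 4 above, run end to end as a rehearsal. This is an added example, not Acmetek's or Oracle's own script: the aliases, file names, password and -dname values are constructed placeholders, and a throwaway local test CA stands in for the real CA reply from Step 3.

```shell
#!/bin/sh
# Rehearsal of Steps 1-4 with a throwaway local CA standing in for the real one.
# Aliases, file names, -dname values and the password are constructed placeholders.
# Passwords on the command line are visible to other local users; for a real
# keystore omit -storepass/-keypass and let keytool prompt.
PASS='rehearsal-only-pass'

# English messages, so the success text matches the article's wording.
kt() { keytool -J-Duser.language=en "$@"; }

# rehearse_keystore DIR: runs every step in DIR, prints keytool's final import message.
rehearse_keystore() (
  set -e
  dir=$1
  ks="$dir/codesign.jks"
  ca="$dir/test-ca.jks"

  # Step 1: key pair and keystore. JDK 9+ writes PKCS12 format by default,
  # whatever the file extension says.
  kt -genkeypair -alias codesign -keyalg RSA -keysize 2048 \
     -dname "CN=Example Publisher, O=Example Org, C=US" \
     -keystore "$ks" -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1

  # Step 2: the CSR must come from the alias that holds the private key.
  kt -certreq -alias codesign -file "$dir/codesign.csr" \
     -keystore "$ks" -storepass "$PASS" >/dev/null 2>&1

  # Step 3 stand-in: a local test CA issues a code-signing certificate for the CSR.
  kt -genkeypair -alias testca -keyalg RSA -keysize 2048 \
     -dname "CN=Rehearsal Test CA" -ext bc:c=ca:true \
     -keystore "$ca" -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1
  kt -exportcert -alias testca -rfc -file "$dir/test-ca.pem" \
     -keystore "$ca" -storepass "$PASS" >/dev/null 2>&1
  kt -gencert -alias testca -infile "$dir/codesign.csr" -outfile "$dir/reply.pem" \
     -rfc -ext eku=codeSigning -validity 30 \
     -keystore "$ca" -storepass "$PASS" >/dev/null 2>&1

  # Step 4: back up first, as the article advises.
  cp "$ks" "$ks.bak"

  # A single-certificate reply cannot be installed until its issuer is trusted;
  # a .p7b reply avoids this because it carries the chain.
  if kt -importcert -alias codesign -file "$dir/reply.pem" \
        -keystore "$ks" -storepass "$PASS" </dev/null >/dev/null 2>&1; then
    echo "reply was accepted without a trusted issuer" >&2
    exit 1
  fi

  kt -importcert -noprompt -alias testca -file "$dir/test-ca.pem" \
     -keystore "$ks" -storepass "$PASS" >/dev/null 2>&1
  # Same alias as Step 1, so keytool treats the file as a certificate reply.
  kt -importcert -alias codesign -file "$dir/reply.pem" \
     -keystore "$ks" -storepass "$PASS" 2>&1
)

# chain_length DIR: certificates now attached to the private key entry.
chain_length() {
  kt -list -v -alias codesign -keystore "$1/codesign.jks" -storepass "$PASS" \
     2>/dev/null | sed -n 's/^Certificate chain length: *//p'
}

# Run as: sh rehearse.sh run
if [ "${1:-}" = "run" ]; then
  workdir=$(mktemp -d)
  rehearse_keystore "$workdir"
  echo "chain length: $(chain_length "$workdir") (keystore in $workdir)"
fi
```

On the real keystore only Steps 1, 2 and 4 apply; the rehearsal CA certificate is for this scratch directory and should never be imported into a production keystore.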
If you are unable to use these instructions, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.
Oracle Java Support
For more information refer to Java.
Portecle is a user friendly GUI application for creating, managing and examining keystores, keys, certificates, certificate requests, certificate revocation lists and more.
Such a tool is useful when a server system lacks the capability to generate a CSR keypair on its own. Another scenario is a large network with multiple server types and data centers, where a CSR keypair is generated in one system environment and then needs tiresome keystore conversions before it can be imported into a different server environment, which can be very time consuming and frustrating.
Portecle eliminates the need for a server to create a CSR keypair. It acts as a keypair and CSR generator: you can generate a single key pair, create a CSR, import the signed SSL certificate, convert and save the key pair in different formats, and migrate it into the various systems required.
Portecle can be used to, for example:
Note: When navigating Portecle, the lower left of the application typically shows information about the keystore, or about a function when you mouse over it.
From the File menu, choose Save Keystore. Alternatively click on the Save Keystore toolbar icon button:
Before you can get an SSL certificate you will have to generate a Certificate Signing Request (CSR), and before you can generate a CSR you will have to generate a keypair.
Now that your keystore and private key have been created, you can generate your CSR.
Now that your SSL certificate has been issued by the Certificate Authority, you will need to import it into your keystore. Any SSL certificate format will be accepted, but if you received a PKCS#7 (.p7b) file from your CA you will not need to worry about installing an Intermediate CA, because this format includes the Intermediate CA.
If you chose Other as your server type and received an SSL certificate in x509/.pem/.crt/.cer format (something other than a Windows format), you will need to import the Intermediate CA certificate for your SSL certificate first, or else you will receive the error “Cannot establish trust for the CA reply. The import cannot proceed.” as described above in Importing SSL certificate. To resolve this perform the following.
Note: This conversion will associate a password with the private key. Not all systems want a password associated with the private key: cPanel, WHM and other web-hosted environments, for example. Check whether the hosted application you are importing this converted private key (with password) into will accept private keys with a password. Typically there will be an option labelled something like “password” when installing the private key on such systems.
Recommendation 1: It might be easier to generate a new CSR on the hosted system, perform a reissue of the SSL certificate, and import it directly into that hosted system instead. It will save you steps and the frustration of finding out that the conversion does not work.
Recommendation 2: Convert your keystore into PKCS#12 if it is not already, and then use a web-based converter or openssl. Note that openssl runs locally, whereas a web-based converter requires uploading the file that holds your private key to a third party. Some free web-based PKCS#12 > PEM/Apache converters found through a Google search will give you a zip with all the certificates in their own respective files, which you open in Notepad and copy and paste into your application. Others will give you one file, which you have to open in Notepad to copy and paste the individual certificates (including the BEGIN and END headers) into their own files or into the application directly. You will see an example below in the Apache conversion.
This application also has many other features for you to experiment with. The ones listed in this document are the major ones for its main functionality: creating keystores, private keys and CSRs, importing SSL certificate replies, etc. Remember to always save your keystore to finalise any configurations you want to take effect.
Portecle is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Portecle is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
Copyright and Legalities-
Copyright © 2004 Wayne Grant
2004 Mark Majczyk
2004-2015 Ville Skyttä
There are many SSL checkers out there that are used to check the validity and installation of a website's SSL Certificate. The majority of these checkers vary in the information that they display or may have limitations, as they only perform their function as programmed. Aside from using an SSL Checker tool there is always the manual way of using your browser to check for a proper installation.
If you would like to learn how to check using a browser, SSLSupportDesk features such an article: Troubleshooting: Checking SSL installation with a browser.
Some SSL Checkers are extremely advanced and will not only check the validity of an SSL certificate, but can also point out flaws in a server’s configuration or software.
Qualys SSL Labs has an SSL Server Test (SSL Checker) tool that is well executed and implemented.
SSL checkers will only work if your website is publicly accessible from outside your network. More than likely if your website is internal you will not get any results.
Example: We used a domain name that does not exist in the outside world and got this result.
Using sslsupportdesk.com, which is accessible from the open internet, let's see how the Qualys SSL Server Test Checker works.
With a successful installation we should see the following quality of the server system:
Any warnings or concerns that the Qualys SSL Server Test Checker finds will be noted below the Summary.
Red = Very bad
Yellow = Advisories or Industry changes that may turn into red over time.
More information regarding the checkers findings can usually be found by clicking MORE INFO.
Note: You may need to contact your server hosting provider or server vendor in order to perform updates, how to turn off certain protocols, or set the proper configurations needed for a good rating.
Server Key and Certificate # 1: States the information pertaining to the SSL certificate running on the Server System in Https:
Additional Certificates (If Supplied): Lists any additional certificates that the server system is also presenting. Usually these are Intermediate CA certificates.
Certification Paths: Shows the entire Chain Of Trust. Usually SSL Certificate > Intermediate > Root.
Note: The last certificate in this chain will be the root certificate. At times a yellow “Sent by Server” may appear on the root. This only means that when an SSL connection is made to the server, the server is presenting a root certificate to the client. Usually the root certificate should only rest in the client browser’s Trust Store. Don’t be alarmed, as some servers have to present this due to their programming, although proper practice dictates that they shouldn’t.
Protocols: The encryption protocols that are available to clients visiting this web server.
Cipher Suites: The child protocols that perform the actual encryption session.
Handshake Simulation: Mimics the different browsers used to connect to the server.
Off Note: Most modern browser systems will automatically choose the best most secure connection the browser is capable of regardless of how the server is configured.
Protocol Details: More information regarding how the server system is handling protocols.
Miscellaneous: Server type running Domain Name, Timestamp check occurred, etc.
Qualys SSL Labs Server Test Checker tool is operated and managed by Qualys. This SSL Checker is one of many publicly available on the internet that can help you diagnose problems with your SSL certificate installation, or other errors that are associated with your server system.
A Certificate Signing Request or CSR is a specially formatted underdeveloped public key that is used for enrollment of an SSL Certificate. The information on this CSR is important for a Certificate Authority (CA). It is needed to validate the information required to issue an SSL Certificate.
Creation of a CSR also means you are creating your private key. The private key will always be left on the system or application where the CSR is generated. The Private key will be required later for installation.
If you do not see your server listed, perform a search, or you may have to contact your server vendor or hosting provider for best practices on how to generate a CSR on your system.
A CSR must contain the following information:
Note: You might be prompted on some server systems or applications to associate a password for your CSR. Leave this blank or bypass it by pressing Enter depending on the system. Associating a password with your CSR will encrypt it and will cause issues with enrollment. If this happens you will have to regenerate another CSR without a password.
To check the information of your CSR visit the SSL Tools CSR Checker.
Cisco ASA 5510
Cisco Wireless LAN Controller
Z:
Zimbra
After your certificate has been issued, on the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. This is because your private key will always be left on the server system where the CSR was originally created. It will be either in the application or somewhere in a directory and path you chose when you generated the CSR. Your SSL certificate will not work without this private key file.
If you do not see your server listed, perform a search, or you may have to contact your server vendor or hosting provider for best practices on how to install an SSL certificate on your system.
Check your SSL installation with the Symantec Certificate Checker
Cisco ASA 5510
Cisco Wireless LAN Controller
Microsoft Active Directory LDAP
Security always needs to be a proactive campaign. Not updating or keeping up with the progress of technology will open doors in security and will leave businesses open to be hacked.
SHA1 was the algorithm used to create and sign the encryption keypairs that are used to scramble data on websites and applications. SHA1 was a replacement for MD5, and now SHA2 is the replacement for SHA1.
The CA/Browser Forum is the governing entity of leading web browsers and certificate authorities (CAs), working together to stay proactive with security and publishing their Baseline Requirements for SSL regarding the security standards of the web industry. These Requirements recommend that all CAs transition away from SHA-1 as soon as possible and discontinue issuing public-facing SHA1 certificates. The reason is that, due to the progress of technology, this old algorithm is on the verge of being exploited.
Browsers like Internet Explorer, Firefox and Chrome are enforcing these standards by placing errors within their browsers associated with these standards. According to Google’s “Gradually Sunsetting SHA-1”, Chrome version 39 and later will display visual security indicators on sites with SHA-1 SSL certificates with validity beyond January 1, 2016.
In short:
Most browsers will not trust certificates that use SHA1 after 12/31/2016.
If you do not want to get an error on your website you will have to replace that old SHA1 certificate with a newer SHA2 certificate.
To do list:
These standards are always changing, especially with how fast new technologies are coming out. SSL Certificates are a method of enforcing industry standards to make a more secure internet for everyone.
Last week GoDaddy began the process of re-issuing SSL certificates for more than 6,000 customers after a bug was discovered in their DV (Domain Validated) automated registrar’s validation process. This automated process is one of the fastest ways of getting a validated digital certificate used to encrypt and validate websites or networks.
“GoDaddy inadvertently introduced the bug during a routine code change intended to improve our certificate issuance process.” “The bug caused the domain validation process to fail in certain circumstances,” Thayer, VP and General Manager of Security Products at GoDaddy, said in a statement.
When we hear terms such as “Improve Certificate Issuance Process” it usually means making things faster or more automated. Keep in mind that GoDaddy is not a security company; they are in hosting. Being a Certificate Authority (CA) is just a by-product of the service they provide. The issue exposed sites running SSL certs from GoDaddy to spoofing, where a hacker could gain access to certificates and pose as a legitimate site, enabling the hacker to spread malware or steal personal information such as banking login credentials. This move to “Improve” certificate issuance comes from fear of a new free CA that has debuted, called Let’s Encrypt.
Let’s Encrypt is a free, automated, and open CA brought to you by the non-profit Internet Security Research Group (ISRG). The move for this free automated process is to help the industry migrate to enable HTTPS(SSL/TLS) for websites in the most user friendly way possible. It is meant to significantly lower the complexity of setting up and maintaining TLS encryption.
Any technology that is meant for good can be abused by cyber criminals, and digital certificates like those of Let’s Encrypt are no exception. This trust system can be abused. There is one reported case where an attacker/malvertiser was able to perform a technique called “domain shadowing.” Domain shadowing is when the attacker is able to create subdomains under the legitimate site. With an embedded advertisement on a website, an end user could click on a malicious ad thinking that they are visiting an alternate page. In reality they have been led to the hacker’s malvertising server, which could download a trojan or ransomware onto that user’s system. A certificate authority that automatically issues free certificates specific to these subdomains may inadvertently help cyber criminals, all with the domain owner being unaware of the problem and unable to prevent it.
Domain-validation certificates only confirm that the relevant domain is under the control of the recipient. In theory, this will not validate the identity of the recipient. End users who visit these sites and are unaware of the nuances of certificates may miss the differences, and as a result these DV certificates can help the hacker gain legitimacy with the public. There is nothing wrong with the procurement of a DV certificate. Depending on the circumstances, DV is advised for internal networks when there is a need for a quick, cost-effective resolution. Security is always a proactive industry. Cutting corners and making things easy for the sake of convenience is a double-edged sword, and could lead to a loss of business and good reputation. Needless to say, approach with caution.
Posted by:
Dominic Rafael
Lead Tech Solutions Engineer
WhatsApp is a widely popular, free-to-use, cross-platform smartphone messaging application that allows users to use their phone service and wifi internet to make voice/video calls and send text messages, documents, images, gifs, user locations, etc. It is popular primarily where data rates or roaming charges can cost an arm and a leg.
WhatsApp Inc., based in Mountain View, California, was acquired by Facebook in February 2014 for a ridiculous $19.3 billion US Dollars. By February 2016, WhatsApp had a user base of over one billion, making it the most popular messaging application at the time.
Over recent years privacy and security have been a focus for the popular messaging app. In 2014 WhatsApp implemented end to end https encryption, scrambling the information between communicating users. The latest security implementation is the arrival of Two-Step Verification.
Two-step verification is an optional feature that adds more security to your account. The technology is not new, and it has been in use for quite some time. Blizzard Inc., creator of the biggest online MMO (Massive Multiplayer Online) game, World Of Warcraft, implemented two-factor authentication back in 2008 to protect gamers’ accounts from being hacked. Two-step, or Two-Factor, Authentication protects your accounts by requiring you to provide an additional piece of information after you give your password. In the most common implementation, after correctly entering your password, an online service will send you a text message or an email with a unique string of numbers that you’ll need to punch in to get access to your account.
To enable two-step verification, open WhatsApp > Settings > Account > Two-step verification > Enable.
Upon enabling this feature, you can also optionally enter your email address. This email address will allow WhatsApp to send you a link via email to disable two-step verification in case you ever forget your six-digit passcode, and also to help safeguard your account. WhatsApp will not verify this email address to confirm its accuracy. You will want to provide an accurate email address so that you’re not locked out of your account if you forget your passcode.
After implementing Two-Step Verification, if you receive an email to disable two-step verification, or receive a passcode request that you did not request, do not click on the link! Someone could be attempting to verify your phone number on WhatsApp elsewhere, meaning that someone is attempting to gain access to your account! Stay secure.
Lead Tech Engineer: Dominique Rafael
dsrafael@acmetek.com
We want to inform you about new industry requirements that were announced by the Certificate Authority Security Council (CASC) for Code Signing certificates on 8th December 2016 and that come into effect on the 1st of February 2017.
The new requirements address four key areas within our Code Signing products to provide a safer experience and minimize the risk of Code Signing attacks.
To reduce the chance of issuing certificates to malicious publishers the guidelines require that Symantec:
Symantec has also introduced a ‘Certificate Problem Reporting’ system for both Symantec and Thawte Code Signing certificates which will allow third parties like malware organisations and software suppliers to report issues relating to key compromise, certificate misuse and possible fraud. Under the new arrangement, once Symantec receives a request, we will either revoke the certificate within forty eight hours, or alert the requestor that we have started an investigation.
Symantec has enhanced their timestamping services for their Code Signing customers to meet the new requirements. More information can be found in the following KB articles for Microsoft Signing and Java Signing.
The main benefit of using a timestamp is that the signature does not expire when the certificate does, which is what happens in normal circumstances. Instead, the signature remains valid for the lifetime of the timestamp, which can be as long as 135 months.
Symantec has published a set of guidelines on private key protection best practices for Symantec and Thawte Code Signing certificates, which must be reviewed and accepted by subscribers as part of the enrollment process. These guidelines make recommendations regarding the secure storage of private keys to mitigate the risk of potential vulnerabilities; however, it is important to call out that the Code Signing minimum requirements published in December stop short of mandating that an OV Code Signing certificate be stored on a FIPS 140-2 Level 2 HSM or equivalent on-premise hardware.
Lastly, any pending Symantec or Thawte Code Signing orders placed before the 25th of January 2017 and not issued before the 1st of February 2017 will be cancelled by Symantec and respective customers asked to re-enroll.
If you want any further clarification about this announcement, or have any questions, feel free to get in touch with the Certificate Authority who issued your Code Signing Certificate.
Dominic Rafael, Lead Tech Engineer
dsrafael@acmetek.com
This means your website will work whether your clients visit it with www or without. No more forwarding of website traffic or paying extra for an additional Subject Alternative Name (SAN) domain, something that should come by default. Many CAs the world over do not provide this functionality to their clients, which causes a technical nightmare for web developers and network administrators. But Acmetek is able to provide you with a simpler solution.
Products benefiting from free SAN from this change:
| Symantec | Thawte |
| --- | --- |
| Secure Site Pro with EV | SSL Web Server with EV |
| Secure Site with EV | SGC SuperCerts |
| Secure Site Pro | SSL Web Server Wildcard |
| Secure Site Wildcard | SSL Web Server |
| Secure Site | SSL123 |
Acmetek always brings the best security solutions to fit our clients’ needs. Our partnerships and tools are dedicated to providing easy solutions in website security.
Lead Engineer: Dominic Rafael
dsrafael@acmetek.com
Firstly, the key note is that certificates today require no action: there is no security issue nor any issue with issuance! Google’s unilateral changes to the Chrome browser do not require any immediate action. Enough is Enough.
On behalf of Symantec, we want you to note that Symantec is proud to be one of the world’s leading certificate authorities. Symantec strongly objects to the action Google has taken to target Symantec SSL/TLS certificates in the Chrome browser. This action was certainly unexpected, and Symantec believes the blog post was irresponsible! Symantec hopes that this was not calculated to create uncertainty and doubt within the Internet community about our SSL/TLS certificates.
Google’s statements about Symantec’s issuance practices and the scope of Symantec’s past mis-issuances are exaggerated and misleading. For example..
Symantec has taken extensive remediation measures to correct this situation, immediately terminated the involved partner’s appointment as a registration authority (RA), and in a move to strengthen the trust of Symantec-issued SSL/TLS certificates, announced the discontinuation of our RA program. This control enhancement is an important move that other public certificate authorities (CAs) have not yet followed.
Symantec operates our CA in accordance with industry standards and maintains extensive controls over our SSL/TLS certificate issuance processes, and Symantec works to continually strengthen their CA practices. Symantec has substantially invested in, and remains committed to, the security of the Internet. Symantec has publicly and strongly committed to Certificate Transparency (CT) logging for Symantec certificates and is one of the few CAs that hosts its own CT servers. Symantec has also been a champion of Certification Authority Authorization (CAA), and has asked the CA/Browser Forum for a rule change to require that all certificate authorities explicitly support CAA. Symantec’s most recent contribution to the CA ecosystem includes the creation of Encryption Everywhere, our freemium program, to create widespread adoption of encrypted websites.
Note that Symantec wants to reassure their customers and all consumers that they can continue to trust Symantec SSL/TLS certificates.
Symantec will continue to vigorously defend the safe and productive use of the Internet, including minimizing any potential disruption caused by the proposal in Google’s blog post. Symantec is currently open to discussing the matter with Google in an effort to resolve the situation in the shared interests of our joint customers and partners.
“We suggest and strongly recommend that you continue as normal with your procurement of Symantec SSL Certificates as we are working to clarify Google’s statement. You can expect an update soon once we assess if changes are necessary.”
– Lead Engineer – Encryption , Acmetek Global Solutions, Kevin S Naidoo
The Certificate Authority Browser Forum, also known as the CA/Browser Forum, is a voluntary consortium of Certificate Authorities such as Symantec, Digicert and Comodo, and tech operating system makers such as Apple, Mozilla, Microsoft, etc., that decides the fate of security on the internet. The CA/Browser Forum’s purpose is to be proactive and keep the internet secure for users and businesses all over the world.
The CA/Browser Forum recently passed Ballot 193, which will affect all Certificate Authorities and those who manage SSL/TLS Certificates. It is effective almost immediately (April 22, 2017).
To keep up with the progress of technology the CA/Browser Forum is always coming up with new industry standards. These standards guide and move the internet towards a safer and more secure environment for its users. Information regarding the CA/B Forum is always made publicly available at cabforum.org
Lead Tech Engineer, Acmetek
Dominic Rafael
Under the terms of the agreement, DigiCert acquired Symantec’s Website Security and PKI solutions business related to SSL/TLS certificates; Symantec received $950 million in upfront cash proceeds and an approximately 30% stake in the common stock equity of DigiCert.
DigiCert completed the acquisition of Symantec’s certificate authority business on 31st October. The deal to acquire Symantec’s Website Security and Related PKI Solutions was first announced on August 3rd. DigiCert is a leading provider of scalable identity and encryption solutions.
Speaking on this occasion DigiCert CEO John Merrill said, “Today starts an exciting era for the current customers and partners of both Symantec and DigiCert, For Symantec customers, they can feel assured that they will have continuity in their website security and that we will provide a smooth transition. Our customers and partners will benefit from our accelerated investment in products and solutions for SSL, PKI, and IoT. DigiCert will also lead to shape PKI security standards through our participation in industry standards bodies to ensure our customers stay at the forefront of security practices. DigiCert is prepared for this opportunity.”
“The addition of Symantec Web PKI solutions to DigiCert will provide a customer experience that is second to none. We are excited for Symantec customers to benefit from solutions that help advance and strengthen website security,” said Greg Clark, Symantec CEO. “We expect Symantec and DigiCert customers to benefit from focused investment in the next generation of security solutions for our respective customers, and today’s action helps advance this important objective”
This acquisition will bring together the best minds in the industry and provide customers a reinforced technology platform, unparalleled customer support, and cutting-edge innovations. DigiCert will continue its operations from its headquarters at Lehi, Utah with a combined strength of around 1,000 professionals.
DigiCert has a strong reputation in the industry for being fast and reliable and for excellent customer support. Symantec customers can experience this DigiCert service in addition to industry-leading OCSP response times and award-winning PKI and IoT management platforms.
DigiCert’s platform is highly scalable and is designed for high-volume deployments for SSL and IoT and stress tested for billions of certificates. DigiCert will be able to continue providing industry-leading issuance times, even with the added Symantec Website Security business.
The addition of Symantec’s Website Security to DigiCert brings together the best talent in the industry which will further the efforts to reinforce the SSL, PKI, and IoT based solutions.
Since announcing in August 2017 that it would acquire Symantec Website Security, DigiCert has focused on addressing the browser requirements for Symantec-issued certificates. It plans to replace affected certificates for free and without disrupting ongoing customer business, in order to ensure continued trust.
“DigiCert is well positioned for this opportunity,” said Jody Cloutier, former senior program manager, Microsoft Cryptographic Ecosystem. “During my time at Microsoft managing the root store program, I always found DigiCert to be committed to advancing online trust. I expect that this acquisition will lead to increasing investments in new platforms and products that will benefit customers.”
DigiCert looks forward to building a big security company and supporting all of Symantec’s Website Security and PKI solutions and their customers well into the future.
Acmetek will be able to offer an even wider range of solutions from both Symantec and DigiCert. Current Symantec customers can continue to order and purchase certificates the same way they always have. In addition, they can still use existing Symantec management tools. Account management contacts, existing contracts, brands, and validity periods for certificates will remain the same, as does pricing as of now.
We are excited about bringing together the best of what Symantec has to offer with DigiCert. Acmetek partners and customers have amazing opportunities in terms of various advanced security solutions. This acquisition is the best situation for all parties: DigiCert, Symantec clients, partners, and resellers. The SSL and PKI solutions platform has a bright future with a new responsible leader in the website security industry.
We will keep our customers and partners updated through regular communication. Acmetek's dedicated support team is standing by around the clock, ready to assist you with any questions or concerns you may have. Do you want to buy SSL Certificates at low cost? Simply click on the request a quote form to submit your requirements.
For the latest Acmetek news and updates, visit www.acmetek.com/announcements/ or follow us on Facebook @Acmetek and Twitter @Acmetek
Since announcing the acquisition, DigiCert has actively engaged with the security community to explore paths that address browser concerns about Symantec/Geotrust/Thawte/
Symantec-issued certificates impacted by browser timelines will need to be replaced to bring them under the new DigiCert platform. Certificates issued prior to December 1st 2017 will be replaced at no cost, and DigiCert will work to ensure a smooth process. Many customers have already received information on certificate replacement, and more information will be forthcoming for affected parties.
Acmetek is currently working on a smooth transition for its clients, and clients will be notified if they have a certificate affected by this transition in the next couple of months.
Things to know:
Authentication Things to Know:
New Highlights:
For the past several years, Google has been strongly advising webmasters to adopt HTTPS encryption. Google said that within the last year, they helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”.
The plan rolled out in stages. First, with Chrome 58, Google marked HTTP pages as “Not Secure” if they had password or credit card payment fields. Second, with Chrome 62, Google marked all HTTP pages opened in private browsing windows as “Not Secure”. The final stage begins in July 2018, when the Chrome 68 release will mark all HTTP sites as “not secure”.
In a recent announcement, Google confirmed that every HTTP website users visit in Chrome will be flagged as “Not Secure” from July 2018, with the release of Chrome 68.
In Chrome 68, the omnibox will display “Not secure” for all HTTP pages.
Developers have clearly heard the call. According to Google, the results of the efforts have been:
So it’s clear that HTTPS is the wave of the future when it comes to internet security.
Google Lighthouse Tool
Google's own Lighthouse is an open-source, automated tool for improving the quality of web pages. Google encourages websites to use HTTPS with its automated Lighthouse developer tool and other set-up guides to transition over.
Make a Strategic Decision When Buying the Right SSL Certificate
Focus on choosing the right SSL Certificate for your business needs. Before buying an SSL Certificate, you need to understand your specific requirements for securing websites, such as whether you need to protect a single domain, multiple sub-domains or different websites. Move your website from HTTP to HTTPS with an SSL Certificate today!
Want to know more about how to protect your website and safeguard customers' data? Please complete the form below to get more assistance from an Acmetek trusted security specialist advisor today!