Website Security Solutions | Latest Guides | Blog

Understanding Certificate Cross-Signing

| #Articles

Certificate Cross-Signing is a nuance of PKI which is often poorly understood. This topic is particularly salient as of late, as a long-lived root certificate managed by Sectigo (formerly Comodo) expired, causing many unexpected problems for many legacy systems worldwide. But how can certificate expiration lead to service downtime? Who is responsible for being aware that this can happen? How can… [read more →]

When to use a Wildcard SSL Certificate

| #Articles

SSL/TLS uses x509 certificates to secure digital communications. These certificates are bound to a particular DNS name, and signed by a Certificate Authority. Browsers attempt to validate the certificate by chaining back to a root certificate in its root certificate store. If a website does not have an SSL/TLS certificate installed that matches the DNS name by which it was accessed, it is an… [read more →]

Let’s Encrypt Revokes 3 Million Certificates

| #Articles

On Friday February 28th, Let’s Encrypt made the tough decision to revoke over 3 million certificates they had issued due to a bug in the software they use to validate CAA records. This gave companies relying on Let’s Encrypt under a week to replace these certificates on their endpoints. While this procedure did not necessarily require downtime (depending on the specific server configuration) it did… [read more →]

Zero-Day Vulnerabilities and its Impact on Business

| #Articles #Security

Computer System Vulnerabilities are a serious security issue that can find its way to our computers through harmless browsing activities. This can be as simple as visiting a website, clicking on a compromised message or downloading software with compromised security protocols. Exploited and infected malware exposes our systems, allowing unauthorized control to the hackers. The system becomes… [read more →]

TLS 1.3, HTTP/3 and DNS over TLS - 2019 Highlights

| #Articles #Security

2019 has been a big year for digital cryptography. The privacy minded should be very excited about changes on the horizon. Specifically, some of the biggest changes around the corner are: TLS 1.3 HTTP/3 Widespread support for DNS over TLS TLS 1.3 RFC 8446 finalized the specification of TLS 1.3.With it includes faster connection times, deprecation of insecure ciphers, simplified negotiation of… [read more →]