Guest post by Hackrfi: Why does one buy commercial certificates, and another ends up with Let’s Encrypt?

“The danger from the viewpoint of the organization and IT is that when you have the hammer in your hand the business and infra start to look like mere nails”

The Let’s Encrypt DV certificates still give rise to discussions. Last month we wrote about answering the customer’s question “Can you tell us why we should use you and Entrust when we get certs free of charge e.g. from Let’s Encrypt?”. This time the subject is reviewed by one of the top professionals in IT security. Thomas Malmberg has written this article from the viewpoint of Hackrfi Ltd., but I first met him in 2012 when he was working as the IT Security Manager for the Aktia bank. We have since kept in contact and I have the pleasure of exchanging ideas with him about data security, especially in the financial world, at our annual lunch meeting. Thomas’s position as the CEO of both Mintsecurity and Hackrfi gives him a special vantage point. Let us give the stage to Thomas!

Thomas Malmberg, Hackrfi Ltd., Mintsecurity Ltd.

“Can you tell us why we should use you and Entrust when we get certs free of charge e.g. from Let’s Encrypt?”

The ICT Manager Teppo Kartano from the city of Rauma sent us a message on Sep-12 2019:

“Hi, we had a discussion here about certificates and their prices. Can you tell us why we should use you and Entrust when we get certs free of charge e.g. from Let’s Encrypt?”


The maximum life-time of Entrust public certificates will be reduced to 398 days because Apple will change the policy in the Safari browser

Apple announced at the CA/Browser Forum meeting held in Bratislava in week 8 that starting from 1.9.2020 the Safari browser will accept only new SSL certificates which are valid for at most 398 days. There will be a warning if the lifetime exceeds this value. Certificates created before 1.9.2020 may also have longer lifetimes (e.g. 2 years). As a result, Entrust Datacard has also announced that in the future the maximum lifetime of Entrust certificates will be reduced to 398 days. We will inform our customers when this change is official.


Who’s afraid of The big bad site – no one soon!

Bad site is not just a bad dream, but reality

Back in 2016 I wrote an article under the title Who’s afraid of the big bad site (unfortunately it is in Finnish). You can find that article here. The point of the article was that browsers are doing a great job trying to prevent users from ending up on a phishing site. This is a good thing, but nowadays the browsers categorise all sites running HTTPS as Secure, no matter what the content is or who is running the site. Unfortunately this has become even more difficult for a common internet surfer now that Google..


New methods for domain verification

Verification for SSL certificates has two parts: 1) verifying the organization and 2) making sure that the organization has control over the target domain. Previously the latter was typically confirmed by looking at the WHOIS information. If the organization owned the target domain, that was sufficient. This method was rejected by the CA/Browser Forum in spring 2018. At the same time, GDPR compliance caused some issues with the use of Method 2, because the email address found in the WHOIS record for the domain name was no longer provided. This meant that we could no longer use this information to contact the domain name registrant to confirm authorization to issue a certificate with the requested domain name.


What means verification?

I am one of Wesentra’s three verification specialists and I have been trained and certified by Entrust Datacard. Our job is to find all the needed information, verify the legal existence of our customers’ organizations, contact customers and check their intention for getting an SSL/TLS certificate, as well as help them with the verification process. We prepare the needed verification documents, and an auditor from Entrust Datacard checks the documents and either accepts the verification or asks for more information. Entrust Datacard has authorized four partners globally to do this verification work; Wesentra is the only one in Europe.


Video streams from our seminar on Feb-6 and highlights from session “SSL/TLS certificates – what lies ahead?”

Our seminar “Electronic signing, PKI Management and SSL certificates” on Feb-6 2019 was attended by over 40 professionals with lots of experience in cyber security. The seminar was streamed online and it is still available as recordings. This article provides the links to the recordings and the material as well as highlights from the third session.


Video streams from our seminar on Feb-6 and highlights from session “PKI Management and Managed PKI”

Our seminar “Electronic signing, PKI Management and SSL certificates” on Feb-6 2019 was attended by over 40 professionals with lots of experience in cyber security. The seminar was streamed online and it is still available as recordings. This article provides the links to the recordings and the material as well as highlights from the second session.
