Who’s afraid of The big bad site – no one soon!

Bad site is not just a bad dream, but reality

Back in 2016 I wrote an article under the the title Who’s afraid of the big bad site (unfortunately it is in Finnish). You can find that article here . The point in the article was that browsers are doing a great job trying to prevent users from ending up on a phishing site. This is a good thing, but nowadays the browsers categorises all sites running HTTPS Secure, not matter what the content or who is running the site. Unfortunately this has gone even more difficult for a common internet surfer now that Google..

Continue reading “Who’s afraid of The big bad site – no one soon!”

New methods for domain verification

In verification for SSL certificates there are two parts: 1) verifying the organization and 2) making sure that the organization has control over the target domain. Previously the latter was typically confirmed by looking at the WHOIS information. If the organization owned the target domain, that was sufficient. This method was declined by CA Browser Forum in spring 2018. At the same time, GDPR compliance caused some issues with the use of Method 2 where the email address found in the WHOIS record for the domain name was no longer provided. This meant that we could no longer use this information to contact the domain name registrant to confirm authorization to issue a certificate with the requested domain name.

Continue reading “New methods for domain verification”

What means verification?

I am a one of Wesentra’s three verification specialists and I have been trained and certified by Entrust Datacard. Our job is to find all needed information, verify their organizations’ legal existence, contact customers and check their intention for getting an SSL/TLS certificate as well as help them with the verification process. We prepare the needed verification documents and an auditor from Entrust Datacard checks the documents and either accepts the verification or asks for more information. Entrust Datacard has authorized four partners globally to do this verification work, Wesentra is the only one in Europe.

Continue reading “What means verification?”

Video streams from our seminar on Feb-6 and highlights from session “SSL/TLS certificates – what lies ahead?”

Our seminar ”Electronic signing, PKI Management and SSL certificates” on Feb-6 2019 was attended by over 40 professionals with lots of experience about cyber security. The seminar was streamed on-line to the net and it is still available as recordings. This article provides the links to the recordings and the material as well as highlights from the third session.

Continue reading “Video streams from our seminar on Feb-6 and highlights from session “SSL/TLS certificates – what lies ahead?””

Video streams from our seminar on Feb-6 and highlights from session ”PKI Management and Managed PKI”

Our seminar ”Electronic signing, PKI Management and SSL certificates” on Feb-6 2019 was attended by over 40 professionals with lots of experience about cyber security. The seminar was streamed on-line to the net and it is still available as recordings. This article provides the links to the recordings and the material as well as highlights from the second session.

Continue reading “Video streams from our seminar on Feb-6 and highlights from session ”PKI Management and Managed PKI””

Video streams from our seminar on Feb-6 and highlights from session ”Electronic signing, digital signing, eIDAS, PadES”

Our seminar ”Electronic signing, PKI Management and SSL certificates” on Feb-6 2019 was attended by over 40 professionals with lots of experience about cyber security. The seminar was streamed on-line to the net and it is still available as recordings. This article provides the links to the recordings and the material as well as highlights from the first session.

Continue reading “Video streams from our seminar on Feb-6 and highlights from session ”Electronic signing, digital signing, eIDAS, PadES””

Wesentra was named the SSL Partner of the Year EMEA

With our CTO Harri Tuuva we attended the Entrust Datacard’s Global Partner Conference in London last June. During the conference we heard market updates on current situation in SSL-world and also,  information on other solutions provided by Entrust Datacard. As a part of the conference, Entrust Datacard rewarded their strategic partners and Wesentra was named the SSL partner of the Year EMEA.

Continue reading “Wesentra was named the SSL Partner of the Year EMEA”

How SSL Certificates Work

SSL certificates are used to initiate secure communications over computer networks, usually referred as HTTPS traffic. Organization Validated (OV) and Extended Validated (EV) Certificates provide both encryption and identification: user can check the name of the organization from a certificate and can be sure that a reliable third party (Certificate Authority – CA) has validated the organization. Domain Validated (DV) certificates give only encryption as the organization has not been validated at all. The actual name and protocol is TLS (Transport Layer Security) but I will use the term SSL (Secure Socket Layer) because it is still better known and more commonly used.

Continue reading “How SSL Certificates Work”