SSL Certificate News
Industry Announcements & Updates
Trustico® believes that creating a successful secure web presence should be easy and affordable. Here you will find our latest SSL news, industry articles and press releases. For further information about any of the latest industry news and updates, or if you have an article that you would like us to publish, please Contact Us.
23 March 2017
Important Message from Symantec Website Security
On March 23, Google posted a blog on a public forum outlining a set of proposals targeted at Symantec SSL/TLS certificates. This was unexpected, and I wanted to reach out to explain what this proposal means for Symantec customers and how we will respond to Google's proposal, if implemented, in order to ensure business continuity for you. I also want to address Google's claims about Symantec's certificate issuance processes and reaffirm our continued commitment to transparency of our practices as a public certificate authority.
As a market leader for online security services for businesses and one of the largest SSL retailers globally, Trustico® today announced a strategic rollout of new products, services and platforms to significantly enhance its global exposure and strengthen its presence in the European and Asia Pacific markets.
18 October 2014
Certificate Transparency, Impacting Extended Validation SSL
Certificate Transparency (CT), a Google initiative, requires all Extended Validation (EV) SSL certificates, along with certificate details, to be registered in public CT logs before the end of January 2015 in order to continue having the green address bar displayed in Chrome.
14 October 2014
SSL 3.0 POODLE Attack Vulnerability
This vulnerability does not affect SSL Certificates. No change to existing SSL Certificates are necessary. Customers should review and update the configuration of their web servers to eliminate this vulnerability. Researchers have published a vulnerability with SSL 3.0 (POODLE) that could allow an attacker to decrypt secure cookies sent over a secure connection.
10 October 2014
SHA-1 Beyond December 31, 2015 (Transition To SHA-2)
Microsoft and Google announced SHA-1 deprecation plans that may affect websites with SHA-1 SSL Certificates. Chrome version 39 and later will display visual security indicators on sites with SHA-1 SSL certificates with validity beyond January 1, 2016.
29 June 2012
Symantec® Revokes MD5 Signed SSL Certificates
As of June 30, 2011, Mozilla ended their support of the MD5 signature algorithm. Since then, pertinent SSL Certificates signed with an MD5 algorithm have continued to work correctly, however in line with Mozilla's request; Symantec® began revoking SSL Certificates this week.
Symantec® has established some of the most comprehensive sources of internet threat data in the world through the Symantec® Global Intelligence Network, which is made up of more than 64.6 million attack sensors and records thousands of events per second.
The current manual authentication process is reliant on domain owner approval via e-mail which can be problematic and can cause issuance delays due to private registration not allowing carryover data and end users not responding to, or misplacing, e-mail.
16 March 2012
Symantec® Response To Google Browser Security Issues
After announcements by Google that they will be stripping OCSP (Online Certificate Status Protocol) and CRL (Certificate Revocation List) checks from their latest release of the popular Chrome web browser, Symantec® has again in recent days slammed this decision by Google, labelling the move as "misguided and dangerous."
09 February 2012
The Question Of The Safety Of SSL Rises Again
Symantec® have released a statement that the Trust Services (SSL), User Authentication (VIP, PKI, FDS), and other production systems acquired by Symantec® were not compromised by the corporate network security breach mentioned in the Verisign, Inc. quarterly filing.
The security of SSL Certificates was under much scrutiny last year after high profile security breaches of Certificate Authorities resulted in the bankruptcy of Dutch Certificate Authority Diginotar, while the large European Certificate Authority GlobalSign had to stop issuing SSL Certificates while they investigated whether a breach of their security structure resulted in rogue SSL Certificates being issued.
30 December 2008
Response To MD5 Collision
Earlier today at the Chaos Communication Congress in Berlin, three researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL Certificate using the RapidSSL brand of SSL Certificates.
08 April 2008
Trustico® Joins Ratepoint℠ Partner Program
RatePoint, Inc., a market leader for online reputation management and customer feedback platforms for businesses, and Trustico®, one of the largest SSL retailers globally, today announced a strategic reseller partnership that allows RatePoint to significantly enhance its global exposure and strengthen its presence in the European and Asia-Pacific markets.