DigiCert Blog

All posts under: SSL

  1. FREAK Attack: What You Need to Know

    Currently known as ‘FREAK,’ this vulnerability (CVE-2015-0204) allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography. This export-grade cryptography relies on out-of-date encryption key lengths, so the traffic can then easily be decrypted. This vulnerability does not affect SSL Certificates and does not require any action related to…


  2. This Month in SSL: February 2015

    Digital Security News

    Here is our latest news roundup of articles about network and SSL security. SSL & Encryption News: New CA/B Forum Baseline Requirements make it so Certificate Authorities can only issue certificates with validity periods up to 39 months starting on April 1. The final touches are being put…


  3. Lenovo’s Superfish Adware and the Perils of Self-Signed Certificates

    Late last night, reports started coming out that Lenovo was shipping PCs with man-in-the-middle adware that breaks HTTPS connections. Lenovo, like most manufacturers, ships its PCs with pre-installed software. In this case, the software is Superfish, which inserts visual advertisements into web pages such as Google search results. And while this pre-installed adware is annoying…


  4. SSL Certificate Validity Periods Limited to 39 Months Starting in April

    In accordance with the CA/Browser Forum’s Baseline Requirements, effective April 1, 2015, Certificate Authorities will no longer be able to issue SSL Certificates with a validity period longer than 39 months. There is an exception to this rule, but the exception should only apply to extremely rare circumstances. The current requirements stipulate a validity period no…


  5. Certificate Inspector: Port Scanning Recommendations

    Enterprise SSL Inventory Management

    DigiCert Certificate Inspector allows admins to scan and map their certificate landscape, check for vulnerabilities, and analyze the data through different reports. However, Certificate Inspector will only report data that was given to it by its scanning agents. Certificate Inspector scanning agents can be configured to scan domains or IP ranges and specific ports. If you…