Trustico, a reseller of SSL certificates, has admitted to storing the private keys of some of the SSL certificates it issued to its customers over the past years.
Over 23,000 users will have their SSL certificates revoked by tomorrow morning, March 1, in an incident between two companies â€”Trustico and DigiCertâ€” that is likely to have a huge impact on the CA (Certificate Authority) industry as a whole in the coming months.
New research published yesterday reveals that putting your trust in Extended Validation ("EV") SSL certificates will not safeguard you from phishing sites and online fraud.
Certificate Authority (CA) StartCom announced last week, on Friday, its intention to cease operations by 2018, and completely shut down its certificate infrastructure by 2020.
Comodo, the Internets' leading Certificate Authority (CA), has sold a majority stake in its SSL issuance business for an undisclosed amount to Francisco Partners, a San Francisco-based venture capital firm.
Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys."
One day after the CAA (Certificate Authority Authorization) standard became obligatory on September 8, a German security researcher caught Comodo breaking the rules and issuing an SSL certificate it was not supposed to issue.
In the face of devastating penalties prepared by Google, Symantec announced plans to sell its SSL issuance certificate business to rival company DigiCert.
Google will distrust all existing Symantec SSL certificates starting with October 2018, and Symantec will have to rebuild its entire certificate issuance infrastructure from scratch if it wants to remain in the CA (Certificate Authority) business.
A report released today by security experts from Sucuri and Unmask Parasites (UP) describes numerous instances where sites that handled password and credit card via HTTP pages found themselves on Google's Safe Browsing blacklist.
Last week, the CA/Browser Forum voted to implement CAA mandatory checks before the issuance of new SSL/TLS certificates, as a measure to prevent the misissuance of HTTPS certificates.
Flaws in the API used by Symantec partners would have allowed an attacker to retrieve certificates, including private keys, security researcher Chris Byrne said in a Facebook post published over the weekend.
During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity. Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites.
Google Chrome engineers announced plans today to gradually remove trust in old Symantec SSL certificates and intent to reduce the accepted validity period of newly issued Symantec certificates, following repeated slip-ups on the part of Symantec.
WordPress creator and Automattic founder Matt Mullenweg announced today that upcoming versions of the WordPress CMS would include features that would require hosts to support HTTPS.