A Guide to TLS Certificate Revocations

Certificate revocations can be disruptive and painful to customers and relying parties. We often get questions about why certificates were revoked, who said we need to revoke them and why more notice was not provided. This article provides background and details to these and other related questions. Background The CA/Browser (CA/B) Forum is one of […]

CA/B Forum Update on EV Certificate Improvements

DigiCert actively participates in several industry standards groups and discussions. This year many in-person events have been canceled due to COVID-19 restrictions, which makes it harder to build relationships through side conversations that foster advancement. However, we remain committed to improving internet security, whether through in-person or virtual discussions. The CA/Browser (CA/B) Forum held a […]

Taking a Data-Driven Approach Towards Compliance

In the realm of operating as the world’s largest global certificate authority (CA), how does DigiCert stay on top of compliance while issuing millions of public certificates in any given year? This includes identifying and remediating issues as we discover them to assure continual improvement and tight compliance. Understanding problems with certificates requires an inspection […]

One-Year Public-Trust SSL Certificates: DigiCert’s Here to Help

By now you’ve likely heard about Apple’s announcement at the February 2020 Certificate Authority/Browser Forum meeting that they will no longer accept publicly trusted TLS webserver certificates valid for longer than 398 days after Sept. 1, 2020 in the Mac OS and iOS platforms. The CA/B Forum had previously voted down an initiative to reduce […]

Position on 1-Year Certificates

Three, Two, One, Liftoff on One-Year TLS Certificates At the CA/Browser (CA/B) Forum in Bratislava, Slovakia, this week, Apple announced that beginning Sept. 1, newly issued publicly trusted TLS certificates are valid for no longer than 398 days. This followed a long history of the CA/B Forum community working to reduce certificate lifetimes and improve […]

New CA/B Forum Proposal to Shorten Certificate Lifetimes: Will It Improve Security?

A new CA/Browser Forum proposal being discussed now would shorten maximum certificate lifetimes to 13 months. This comes after lifetimes were reduced from 39 to 27 months, effective March 2018. If passed, these changes would go into effect in March 2020. This blog analyzes the merits of this proposal and how the proposed security benefit […]

DigiCert pushes underscore extension

Earlier this year, certain browsers in the CA/Browser Forum mandated that underscore certificates be revoked immediately due to new interpretations of the RFC 1034 standard that is incorporated by reference into the CA/Browser Forum Baseline Requirements. This resulted in an ongoing discussion in the CA/Browser Forum over the course of this year: should underscore certificates […]

No more unnecessary password changes for Certificate Authorities

After over a year of effort, Ballot SC3 was just unanimously passed by the CA/Browser Forum. This is the first major upgrade to the Network and Certificate System Security Requirements to come out of the Forum’s Network Security Working Group. It contains several important improvements, but one is especially important: removing the requirement that passwords […]