SSL Internet Security News Archive -- September 27, 2016

Security and Encryption in Education White Paper

DigiCert Presents Information for Educational Institutions in New Education White Paper

October 13, 2009 - DigiCert presents our new Education White Paper. Now that academic registration, application materials, and grades are submitted and recorded over open networks, better security measures are needed. The Family Educational Rights and Privacy Act (FERPA) prohibits educational institutions from disclosing certain sensitive "personally identifiable education information" and gives parents the right to receive access to their children's education records. The U.S. Department of Education has recommendations for data breach situations.


Phishing and Preventative Measures White Paper

Outline for Preventative Measures that Can Be Taken to Reduce The Effectiveness of Online Phishing Attacks

June 12, 2009 - A new Phishing and Preventative Measures White Paper outlines steps that can be taken to prevent online fraud.

Phishing is just one of the many ways that the Internet can be used to get people to unknowingly provide their personal financial information to fraudsters. Phishing often targets and leverages the trusted brands of well-known entities like banks, payment services, social networking sites, and other places where users are likely to have an online account. Certificate Authorities, like DigiCert, rely on the contact information maintained by domain registrars to determine domain ownership and avoid issuing certificates to fraudulent sites.


Instructional Videos Available Online

New instructional videos assist with CSR creation and SSL certificate installation.

March 27, 2009 - Instructional videos are now available for the most common Microsoft server types, including Exchange 2007 and IIS 5, 6, & 7.

These videos are available on the same page as our standard instructions (go to our CSR creation or SSL installation instruction page and select your server from the list on the right).


PCI Compliant SSL Certificate Encryption

DigiCert Outlines PCI Compliance in New White Paper

March 16, 2009 -- Server security certificates from DigiCert help satisfy PCI-DSS (Payment Card Industry Data Security Standard) compliance requirements with strong SSLv3 capable certificates. Protection and encryption of cardholder data (such as that provided by SSL/TLS) is required by PCI-DSS Control Objectives.

Find out more about how DigiCert can help you pass the PCI Compliance Audit with our new PCI compliance white paper.


DigiCert EV SSL Certificates Protect Users From SSLstrip and Man-in-the-Middle Attacks

SSL Certificate Authority Answers New Digital Threats Presented at Black Hat Conference

LINDON, Utah, Feb. 19 -- On Wednesday, February 18 at the Black Hat conference in Washington, D.C., an independent hacker known as Moxie Marlinspike presented a software tool called SSLstrip designed to remove the SSL protection from websites using advanced man-in-the-middle attack methods. DigiCert, a major worldwide provider of SSL Certificates, replied that Extended Validation (EV) SSL Certificates help users to recognize and steer clear of such attacks.

Marlinspike demonstrated how the SSLstrip program can intercept connections between a web browser and a trusted website, then serve the web browser the contents of the trusted site without trusted SSL encryption. The webpage could potentially be loaded unsecured (http) or spoofed with a low-assurance SSL certificate on a fraudulent domain name, similar to a phishing attack. Therefore, it is possible that the pages would still load with a padlock in the browser. SSLstrip could potentially be effective at stealing sensitive information including usernames, passwords, or credit card information in situations where man-in-the-middle attacks are possible such as in Onion Routing configurations and Wi-Fi networks.


EV SSL Certificate Compatibility Expanded to Opera

Extended Validation SSL Certificates from DigiCert Now Provide Expanded Green Bar Verification in All EV-Enabled Browsers

February 5, 2009 -- With fraud and identity theft as the top concerns of today's online consumers, Extended Validation (EV) SSL can increase user trust for any online business.

With today's addition of Opera, DigiCert EV certificates are now supported in 100% of EV-enabled browsers. Opera is added to a list of browsers that support the "green bar" for DigiCert EV SSL that also includes Internet Explorer, Firefox, Safari, Chrome, and Flock.


MD5 Certificate Vulnerability

SSL Certificates With MD5 Cryptographic Standards Considered Insecure - All DigiCert Customers Unaffected.

January 5, 2009 -- On December 30, 2008 a group of security researchers reported that by exploiting a known weakness in the MD5 hashing algorithm, they were able to create a rogue intermediate CA certificate under the "Equifax Secure Global eBusiness CA-1" root certificate, belonging to GeoTrust's RapidSSL brand.

Because all certificates issued by DigiCert use the SHA-1 standard, we are happy to reassure all our past, present, and future customers that these findings do not present any reason for them to worry about the integrity of their DigiCert SSL certificates. The fact that DigiCert uses SHA-1 instead of the outdated MD5, along with various other internal controls, makes the attack by the MD5 researchers impossible.


DigiCert Launches New Design

DigiCert launches its new design, geared towards improving user experience and making the SSL-buying process easier.

July 31, 2008 -- Today DigiCert launched a new site designed to improve and simplify the SSL shopping experience for customers. The new DigiCert layout provides faster answers to the most commonly asked questions. It is easier to read and navigate, and visitors now have the freedom to shop by their server type, their server configuration, or even the type of organization that they are purchasing for.

Our customers have given us quality feedback for improving our site, and we have listened. We are dedicated to giving our customers the best support possible, and we feel that one of the best ways that we can do this is through providing a website that is geared towards their needs. We invite our customers to share with us any further suggestions that they may have for improving our site. Please feel free to tell us what you think by sending an email to support@digicert.com.


New certificate installation test utility launched

Utility helps customers confirm that their certificate is installed correctly

November 5, 2007 -- A new certificate installation test utility has been launched on the DigiCert website to help customers confirm that their certificate is correctly installed on their server. The new installation test provides the following information about any certificate installation:

  • The IP address that the domain name resolves to
  • All of the domain names contained in the certificate
  • Date of certificate expiration
  • Whether the Certificate name matches the domain name of the site
  • Whether the intermediate certificate has been installed correctly

The new certificate installation test can be found at https://www.digicert.com/help/


DigiCert adds Plus feature to single-name, EV, and WildCard certificates

Plus feature improves flexibility and compatibility

April 1, 2007 -- A new "Plus" feature has been added to all DigiCert single-name, EV, and WildCard certificates to further improve compatibility. The new "Plus" feature means different things for different certificates:

For Single-Name and EV Certificates - All DigiCert Single-Name and EV certificates are now designed to authenticate to the domain name with and without the leading "www." Previously, certificates were only issued to work with the "www." or without it, but not both ways. With the new "Plus" feature, your Single-Name or EV certificate will work seamlessly, regardless of whether or not your visitors include "www." in the URL.

For Wildcard Certificates - The Plus feature includes the base domain ("example.com" in a certificate issued to "*.example.com"), overcoming a flaw in traditional wildcard certificates. WildCard Plus also provides compatibility with Windows Mobile 5, which does not otherwise accept the "*" character that is basic to the syntax of Wildcard Certificates. Server administrators have the ability to include specific subdomains in their Wildcard certificates, which provides a method of name authentication that is compatible with Windows Mobile 5.


DigiCert offers Unified Communications Certificates

New product designed for Microsoft Exchange Server uses SANs to secure multiple names

March 7, 2007 -- In a combined effort with Microsoft, DigiCert is excited to introduce the new DigiCert Unified Communications (UC) Certificate. UC certificates are sometimes called SAN Certificates, because they use Subject Alternative Names (SANs) to secure up to 25 different fully qualified domain names. They are designed to work with the new Microsoft Unified Communications server. In addition, UC certificates are an excellent solution for server administrators who wish to secure many different domain names with the same certificate. Because all DigiCert UC certificates are issued with an unlimited server license, server administrators have the freedom to install their certificates on as many different servers as they wish at no extra cost.


DigiCert completes WebTrust Certification

DigiCert completes WebTrust Certification, meets WebTrust standards for SSL Certificate Authorities

August 10, 2005 - DigiCert has met the WebTrust standards for SSL Certificate Authorities, set by the American Institute of Certified Public Accountants [AICPA]. DigiCert follows a complex process of stringent procedures to ensure that security is not compromised and that there is appropriate authentication of every certificate issued.


DigiCert Launches New SSL Partner Program

DigiCert Launches New SSL Partner Program, announces a new global business opportunity for ISPs, Web Hosts, Server Admins, and Web Developers

July 6, 2005 - The DigiCert SSL Partner Program is perfect for ISPs, Hosting Companies, Web Developers, and Server Admins and is designed to generate additional income, without more overhead. The enrollment process is easy and free, there is absolutely no investment or start-up fee, and there is no risk so you can earn ongoing residual income year after year.