ServerTastic Blog - Stuff that happens at ServerTastic and other product related things

CA Root Upgrade for SSL Certificates

During the second half of 2010 VeriSign, Thawte, Geotrust and RapidSSL certificates will transition to use a 2048-bit root.

This will have no impact on existing certificates, which will continue to work as expected. However, once the root has been updated (we will provide details when this happens), you must ensure you install any intermediary certificates as instructed in your fulfilment emails.

An important change to note is that once the new roots are in place RapidSSL will be issued with an intermediary certificate. This has become common practice within the industry.

Prior to the change you may want to ensure that your applications support the use of 2048-bit certificates.

For more information and FAQs, please see the links below.

Filed under  //   Geotrust   rapidssl   SSL   VeriSign  
Posted by Andy Gambles 

Comments [0]

RapidSSL and Geotrust now secure WWW and non-WWW domain

PLEASE NOTE: Due to an implementation problem this feature has been temporarily disabled. We will update with more details as soon as we can.

The latest update to the SSL order system means that RapidSSL and Geotrust certificates now automatically secure the WWW and non-WWW domain in a single certificate.

For instance, if you order a RapidSSL certificate for servertastic.com it will also secure www.servertastic.com for no extra charge and within the same certificate. You do not need to do anything extra in the order process; this is automatic.
The following certificates now have this feature at no extra cost

All these are available for amazing discounts on ServerTastic.

If you are not already signed up to our newsletter visit the blog and do so now. More exciting features and promotions will be announced soon.

Filed under  //   EV   Geotrust   QuickSSL Premium   rapidssl   SSL   True BusinessID  
Posted by Andy Gambles 

Comments [2]

SSL Certificate Flagged For Quality Review

The RapidSSL and QuickSSL Premium SSL certificates sold by ServerTastic are usually issued in less than 10 minutes from your order. They simply require you to click a link in an email to complete domain validation.

However, we are receiving an increasing number of tickets asking about delays in the certificate being issued and "quality reviews". It is possible that your SSL order may be flagged for a quality review by RapidSSL/Geotrust. This means that the order must be completed by a member of the RapidSSL/Geotrust staff.

You will know if your certificate has been flagged for review because, on the confirmation page after you click the email authorisation link, you will see the following wording:

Your order is pending a final quality review prior to issuance. This review is normally completed within one business day. For more information on why your order was selected for final quality review visit our FAQs at [link]

There are many reasons your order may be flagged for review. These include:

  • Domain whois details appear invalid
  • Website does not load or resolve
  • The domain contains a flagged phrase. For example BANK is a defined term therefore a certificate for riverbanktours.com may be flagged for quality review
  • Your order was randomly selected for review (unlucky!)

Here are some of the things you can do (before requesting your certificate) to try to reduce the likelihood of your order being flagged for a quality review:

  • Remove any whois privacy settings on your domain
  • Make sure the domain whois contains valid details
  • Make sure the domain resolves to a live website

If your certificate does get flagged for a quality review there is very little ServerTastic can do to speed up the review process. They are all checked on a first come, first served basis during working hours Monday to Friday. The review is performed by RapidSSL/Geotrust, NOT ServerTastic. You can try to speed up the review by contacting Geotrust on the LiveChat link from their support page. In most cases they can do the required steps with you while online.

It is also likely that the certificate would have been flagged if you had ordered through any other reseller or direct.

You can always contact ServerTastic if you have a problem with your order but please be aware there is little we can do if the order is under quality review.

Remember you can also check the status of your order at any time via the Self Service System.

Filed under  //   Geotrust   QuickSSL Premium   rapidssl   SSL  
Posted by Andy Gambles 

Comments [0]

True BusinessID with EV $174 Year - Offer Ends Soon

The True BusinessID with EV promotion is due to end on 31st January 2010.

This is an ideal opportunity to purchase an Extended Validation certificate with green address bar technology for an extremely low price.

For more details see our earlier post True BusinessID with EV - $174 year.

NOTE: You must have requested your certificate by 31st January 2010 to qualify for the promotional pricing.

Filed under  //   EV   Geotrust   Promotions   SSL   True BusinessID  
Posted by Andy Gambles 

Comments [0]

True BusinessID with EV Promotion extended to 31 January 2010 - $174.00 Year

The True BusinessID with EV $174.00 Year promotion has been extended to 31st January 2010.

This is an ideal opportunity to try out an EV certificate on your website for a fraction of the normal price. For more information check out my original blog post about the promotion.

Filed under  //   EV   Geotrust   Promotions   SSL   True BusinessID  
Posted by Andy Gambles 

Comments [0]

True BusinessID with EV - $174 Year!





Boost online transactions with the green address bar

Maximize security and online sales potential using GeoTrust True BusinessID with EV enabling up to 256-bit encryption on web browsers and mobile phones. With Extended Validation, visitors using high-security browsers see the address bar turn green when they visit your site. Extended Validation SSL Certificates provide a convenient and visible sign that you have a highly authenticated, trustworthy site and that your customers’ information is secure.

Buy now from $174.00 a year [Offer ends 31st January 2010 (previously 31st December 2009)]

Increase customer confidence and transactions

Before consumers enter credit card or sensitive personal information online they want to confirm that they are on the intended site and that their information is protected. In addition to the green bar, high security browsers display the authenticated organization name on the Extended Validation SSL certificate and the CA that issued it. These features are immediately visible and give customers the confidence to complete their transactions.


True BusinessID with EV Features and Benefits

  • Extended Validation with green address bar technology
  • Full organization validation
  • Up to 256-bit SSL encryption
  • Dynamic Geotrust True Site Seal with company name and dynamic time stamp
  • Recognised by over 99% of all browsers and mobile devices
  • $150,000 warranty
  • Multi year discounts
  • Free self-service reissues
  • Free technical support direct from Geotrust
  • 7 Day refund policy


Secure online transactions with up to 256-bit encryption

GeoTrust helps you protect sensitive information during transmission when your customers, business partners, and employees connect with you online. True BusinessID with EV certificates enable 40-bit to 256-bit encryption, depending on the client browser capability and the cipher suite installed on your web server.

Let customers know you take security seriously

Every True BusinessID with EV certificate includes a dynamic GeoTrust True Site Seal with your company name and a date/time stamp. When users of older browsers and mobile browsers cannot see the green address bar, the dynamic True Site Seal helps visitors identify your site as genuine, authentic, and validated by an independent third party.


Filed under  //   EV   Geotrust   Promotions   SSL   True BusinessID  
Posted by Andy Gambles 

Comments [2]

Manage Your SSL Certificate Orders

Customers purchasing their RapidSSL, Geotrust, thawte or Verisign SSL certificate from ServerTastic are now able to manage their SSL certificate orders and perform the following actions:

  • Resend approver emails
  • Resend fulfilment emails
  • Re-issue certificates (where purchase allows)
  • Revoke certificates
  • Check status and view comments for org validated and EV certificate orders in process
How cool is that! You no longer need to raise a support ticket to perform any of these actions - you can do them yourself.

"I have heard enough, how do I do this?" I hear you all cry. Simply visit the relevant URL below (you can bookmark it) and complete the form. You will need to know the SSL domain, the admin email contact (which you will also need access to) and the captcha.

You will then be shown your order for verification. Click "Select" next to the correct order and then submit to confirm your email address. An email will be sent to the admin contact email address which will contain a unique URL allowing instant access to your order. It sounds a lot more complicated than it actually is. I simply suggest you give it a try!

End User Order Management
RapidSSL and Geotrust branded order management: Click Here
thawte branded order management: Click Here
VeriSign branded order management: Click Here

SSL Certificate Resellers
You can also provide these links to your customers. They are not branded by ServerTastic in any way, so the customer will never know (if that is what you want).

Filed under  //   Geotrust   rapidssl   ServerTastic   SSL   thawte   VeriSign  
Posted by Andy Gambles 

Comments [2]

QuickSSL Premium Secures WWW and non-WWW

The QuickSSL Premium SSL certificate from Geotrust can now be used to secure both the www and the non-www part of a domain with just a single certificate.

NOTE: This has now changed. The QuickSSL Premium now automatically secures the www and non-www portion of the SSL domain. You do not need to follow the instructions any further.

In fact the certificate can secure the main domain and up to 3 sub-domains. Those of you with an understanding of SSL certificates will see that this is done by providing 3 SANs within the SSL certificate.

If that wasn't good news on its own, the even better news is that this does not cost any extra with ServerTastic.

But there is some bad news. Enabling this on the certificate is a little bit fiddly. I will do my best to describe how to do it (we hope to make this much easier in the future).

Just one other point before we continue: this cannot be applied to certificates already issued, but you can use this with any QuickSSL Premium invites you have not yet used.

When you order a QuickSSL Premium certificate from ServerTastic you will get an enrolment URL sent to you via email like the one below

 

 

Do not click on the URL. Instead, copy and paste it into your browser's address bar. Then you must add &SAN=True onto the end of the URL as per the example below.

 

 

Hit enter and you will then be taken to the QuickSSL Premium enrolment screen. The second page of this process is where you would paste your CSR. But you should also see some additional options at the bottom of the page where you can enter up to 3 domains.

 

 

Firstly you should completely ignore the Microsoft Small Business Server 2003 text. This is now redundant and we are trying to get this changed.

In the 3 boxes Domain 1, Domain 2 and Domain 3 you can enter the domains you want to secure with this certificate. They must however be part of the main domain.

Here are some examples

CSR: www.servertastic.com
Domain 1: servertastic.com
Domain 2: checkout.servertastic.com
Domain 3: support.servertastic.com

 

CSR: servertastic.com
Domain 1: www.servertastic.com
Domain 2: checkout.servertastic.com
Domain 3: support.servertastic.com

 

As you can see you can either include the www element of your domain in the CSR or as one of the extra domains.
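
An added example, not part of the original post or ServerTastic's tooling: a check that a certificate covers every hostname planned at enrolment. The certificate dicts are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; that the CSR name is also copied into the SAN list is an assumption, and the second sample shows what happens when it is not.

```python
# Added example (not from the original post). Sample certificates are constructed,
# in the dict shape returned by ssl.SSLSocket.getpeercert().
ISSUED = {  # first enrolment example; assumes the CA copies the CSR name into the SANs
    "subject": ((("commonName", "www.servertastic.com"),),),
    "subjectAltName": (
        ("DNS", "www.servertastic.com"),
        ("DNS", "servertastic.com"),
        ("DNS", "checkout.servertastic.com"),
        ("DNS", "support.servertastic.com"),
    ),
}
CN_NOT_IN_SAN = {  # hypothetical failure mode: CSR name present only as the CN
    "subject": ((("commonName", "www.servertastic.com"),),),
    "subjectAltName": (("DNS", "servertastic.com"),),
}
PLANNED = ["www.servertastic.com", "servertastic.com",
           "checkout.servertastic.com", "support.servertastic.com"]


def dns_names(cert):
    """Names a client matches against: dNSName SANs, or the CN only when there are none (RFC 6125)."""
    sans = [value.lower() for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value.lower() for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def name_matches(pattern, host):
    """Exact label-by-label match; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered(cert, hosts):
    """Return the hosts that no name in the certificate matches."""
    names = dns_names(cert)
    return [h for h in hosts if not any(name_matches(n, h) for n in names)]


if __name__ == "__main__":
    print("issued:", uncovered(ISSUED, PLANNED))
    print("CN not in SAN:", uncovered(CN_NOT_IN_SAN, PLANNED))
```

An empty list means every planned hostname is covered; any name returned would produce a browser warning when visited over HTTPS.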

The QuickSSL Premium certificate is available at ServerTastic from just $55.00 a year.

Be sure to leave your questions or comments below if you have any!

 

Filed under  //   Geotrust   QuickSSL Premium   SSL  
Posted by Andy Gambles 

Comments [4]

ServerTastic SSL Certificates Safe From Threats Presented at Black Hat

There have been a number of attacks aimed at SSL certificates demonstrated at the recent Black Hat event in Las Vegas. VeriSign have confirmed that none of the certificates issued within the VeriSign group are susceptible to these attacks. This includes RapidSSL, thawte and Geotrust.

This was confirmed on Tim Callan's SSL Blog. I have pasted the relevant excerpts below.

Use of null Characters

The focus of this presentation was various ways to use null characters to fool browsers and other pieces of relying software into believing a certificate has been issued to a different domain than the one to which it was actually issued. The idea is that the attack would give the online criminal the ability to put up a certificate on what appears to be the exact same domain name as the targeted site. sslstrip accomplishes this feat through a Man-in-the-Middle attack and uses the null-character certificate to create its false certificates on the fly.


I'm pleased to say that none of VeriSign's SSL Certificates on any brand allow null characters, meaning that you can't use any of our certificates in the attack detailed today. While the fundamental problem needs to be solved by the client software that trusts these certificates, we still prefer not to be contributing to the problem. And until these problems are solved at the source, EV SSL is a great interim solution. The detailed attack will not work against EV SSL (as agreed by Mr. Marlinspike during the Q and A session after his talk), which means that sites have the power to defend themselves against null character attacks and in fact all attacks using sslstrip.

MD2 No Longer Secure

Kaminsky covered several topics which had SSL as a common theme. Interestingly, he also revealed his own work with null characters, which was very similar to Marlinspike's. In addition, Kaminsky talked about pre-image attacks against MD2, which he expects to be viable this calendar year. He reports that MD2 is not trusted or soon to not be trusted on these applications and platforms: Firefox, OpenSSL, Red Hat, Opera, Apple, Microsoft, Google, and VeriSign. Here I can be more specific. As of May 2009, VeriSign is issuing its SSL Certificates on all brands using SHA-1.

Leading Zeros

Kaminsky also described a "leading zero attack," by which a certificate can fool client software by essentially attaching an invisible zero to the first hex character in the certificate. Again, I'm happy to tell you that VeriSign won't issue SSL Certificates with leading zeros on any of our brands.

Filed under  //   Black Hat   Geotrust   rapidssl   security   ServerTastic   SSL   thawte   VeriSign   vulnerabilities  
Posted by Andy Gambles 

Comments [0]
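
The null-character problem described in the excerpts above, as an added example that is not part of the original post or of VeriSign's issuance checks: a validator that flags certificate DNS names containing an embedded NUL and shows what software treating the name as a NUL-terminated string would read. The sample names are constructed, and `other.example` is a placeholder.

```python
import re

# One hostname label: letters, digits and hyphens, not starting or ending with a hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Constructed sample names, as they might be decoded from a certificate's SAN list.
SAMPLE_NAMES = [
    "www.servertastic.com",
    "*.servertastic.com",
    "www.servertastic.com\x00.other.example",  # embedded NUL
    "www.server tastic.com",                   # embedded space
]


def c_string_view(name):
    """What code that treats the name as a NUL-terminated string would compare."""
    return name.split("\x00", 1)[0]


def audit_name(name):
    """Return a list of problems with one certificate DNS name (empty list = acceptable)."""
    problems = []
    if "\x00" in name:
        problems.append("embedded NUL: truncating clients would read %r" % c_string_view(name))
    if any(ord(c) < 0x21 or ord(c) > 0x7E for c in name if c != "\x00"):
        problems.append("control, space or non-ASCII character")
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":  # a wildcard may only be the whole left-most label
        labels = labels[1:]
    if not problems and (len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels)):
        problems.append("not a valid DNS hostname")
    return problems


def audit_names(names):
    """Map each rejected name to its problems; acceptable names are omitted."""
    return {n: p for n in names for p in [audit_name(n)] if p}


if __name__ == "__main__":
    for name, problems in audit_names(SAMPLE_NAMES).items():
        print(repr(name), "->", "; ".join(problems))
```

The check works on the full decoded string, so the part after the NUL is never silently dropped before the name is compared or logged.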

VeriSign SSL Certificates Soar Past 4 Million Mark

VeriSign have announced that they have issued 4 million SSL Certificates since 1995.

Full press release below:

In 14 Years as SSL Pioneer and Market Leader, VeriSign and Its Brands Make Trusted Interactions Possible for Millions of Web Sites and Services

MOUNTAIN VIEW, CA -- (Marketwire) -- July 27, 2009 -- VeriSign, Inc. (NASDAQ: VRSN), the trusted provider of Internet infrastructure services for the networked world, today announced that it has issued more than 4 million Secure Sockets Layer (SSL) Certificates. The total includes certificates issued by VeriSign under all four of its SSL brands: VeriSign®, GeoTrust®, thawte®, and RapidSSL®.

Since 1995, the company has served as a trusted third party and Certificate Authority responsible for issuing and authenticating a range of digital certificates designed to protect online businesses and their customers by:

 

--  Encrypting sensitive information during online transactions
--  Authenticating the identity of certificate owners
--  Warning when certificates are invalid
    

Under its four brands, VeriSign issues, authenticates and manages a range of certificates that are vital to the secure and trusted operation of the Internet, Web-based applications, and services requiring digital IDs, including:

 

--  SSL Certificates. VeriSign provides secure SSL encryption to Web sites
    protected by all VeriSign SSL Certificates brands, enabling trusted
    e-commerce, communications, and interactions on Web sites, intranets, and
    extranets.
--  Extended Validation (EV) SSL Certificates. EV SSL protection provides
    Web users using high security browsers with immediate visual confirmation
    that they've reached a site whose authenticity has been independently
    verified by VeriSign.
--  Server-Gated Cryptography (SGC) Certificates.  VeriSign's SGC
    Certificates enable every Web site visitor to connect using the strongest
    encryption for which their systems are capable.
--  Code Signing Certificates. VeriSign® Code Signing creates a digital
    "shrink-wrap" for code and content to protect software publishers and users
    when they download code and content over the Internet and mobile networks.
--  PKI Certificates. VeriSign protects enterprises, government agencies
    and others with a flexible platform enabling complete management of digital
    certificates for authentication, encryption and digital signing.
    

The milestone of issuing more than 4 million SSL certificates underscores how VeriSign is essential to enabling secure online transactions around the world. The company has issued more than 12,000 EV SSL Certificates, making VeriSign the far-and-away market leader with a 74 percent share of the EV SSL market. And every day, VeriSign conducts up to 1 billion Online Certificate Status Protocol (OCSP) checks -- the most timely and efficient way for Web browsers to determine whether an SSL or user certificate is still valid or has been revoked and a key indicator of secure sessions initiated using VeriSign SSL Certificates.

VeriSign also plays a vital role in Public Key Infrastructure (PKI) deployments, which use digital certificates for authentication, encryption and digital signing. In the past 14 years, VeriSign has issued and managed tens of millions of PKI certificates for thousands of customers throughout the world.

"As the world's leading SSL Certificate Authority, VeriSign understands that when customer trust is paramount, second best is never nearly good enough," said Tim Callan, vice president of product marketing at VeriSign. "Now more than ever, in a marketplace that is truly global and increasingly competitive, protecting a Web site, application or service with VeriSign is an investment that pays dividends every day."

 

Filed under  //   Geotrust   rapidssl   SSL   thawte   VeriSign  
Posted by Andy Gambles 

Comments [0]