Globalsign SSL Security Incident Report

GlobalSign have issued a statement regarding the alleged compromise reported in September.

In summary;

They did not find any evidence of:

• Rogue Certificates issued.
• Customer data exposed.
• Compromised GlobalSign Root Certificate keys and associated Hardware Security Modules (HSM).
• Compromised GlobalSign Certificate Authority (CA) infrastructure.
• Compromised GlobalSign Issuing Authorities and associated HSMs.
• Compromised GlobalSign Registration Authority (RA) services.

What did happen:

• Peripheral web server, not part of the Certificate issuance infrastructure, hosting a public facing web property was breached.
• What could have been exposed? Publicly available HTML pages, publicly available PDFs, the SSL Certificate and key issued to www.globalsign.com.
• SSL Certificate and key for www.globalsign.com were deemed compromised and revoked.

The full report is available here.

Posted by Andy Gambles 

SSL with unlimited server licences

UPDATE: RapidSSL and Geotrust SSL certificates support unlimited servers

You may have read in a recent announcement that GlobalSign are providing SSL certificates with unlimited server licensing. This means you can install an SSL certificate on as many servers as you want for no extra cost (but it will still be for the same domain).

I have mentioned over the last few weeks that we have some changes coming to our SSL range. Well one of those changes is that RapidSSL and Geotrust certificates will include unlimited server licensing. This was due for release today but has been delayed until the first week in October. But come the official announcement you will be able to use your RapidSSL and Geotrust certificates on unlimited servers for no extra cost (including SSL certificates already issued).

Check out our full range of SSL Certificates from $10 a year.

If you have any queries then please let me know.

Posted by Andy Gambles