ServerTastic Blog

Updates from the world of ServerTastic

Bulk Discounts to be Discontinued

With effect from 1st June 2012, bulk discounts on SSL certificates will be discontinued. That means there will be no discounts on 10 or more purchases of RapidSSL or QuickSSL Premium certificates from this date.

The discounted pricing will continue, but you must sign up for our official reseller program.

The reseller program will allow you to purchase points for your reseller account. You then spend these points on SSL purchases at further discounted pricing. You can also take advantage of our automated API to manage your orders. The reseller program is free of charge and there is no obligation to make any purchases.

SagePay Fails to Renew SSL Certificate

So SagePay has made one of the largest errors a payment processor could make. It has failed to renew its SSL certificate. Users trying to make payment on merchant websites that used SagePay would have been met by expired certificate warnings.

Technically, users could just continue to the website and the connection would still be secure and encrypted. However, your average user would most likely have headed off “Back to safety” as the Chrome warning would suggest.

SagePay has some big apologies to make, especially given the complaints on Twitter.

I do feel a little bit sorry for Amy Monro, the PR lady at SagePay. She is doing her best to answer those Twitter complaints.

However, perhaps she needs a little education on SSL certificates. She is claiming the certificate is valid and in date and that this is an admin error. The certificate is clearly not valid! It is possible they have already renewed the SSL certificate and simply failed to replace the existing certificate on their website. If this is the case, it is an easy 2-minute fix. However, since the problem remains ongoing, I suspect nobody has even started the renewal process. In fact, I can confirm that nobody must have started the renewal process until after the certificate had expired. If you check the certificate now, it was issued on 26 April 2012 01:00 BST.

So a few final tips for SagePay (and anyone else using SSL certificates).

  • SSLs are only valid for a fixed period of time, just like domain registrations.
  • If you renew an SSL you have to replace the current certificate with the new one.
  • You can renew up to 90 days BEFORE your current certificate expires.
  • Buy your SSL from ServerTastic because we could save you loadsa money!
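A monitoring check built on the first three tips, as an added example (not ServerTastic's or SagePay's code): it flags a served certificate that has expired, one that is inside the 90-day renewal window, and one that has been renewed but not yet deployed. The certificate dicts use the field names Python's `ssl.SSLSocket.getpeercert()` returns; the serial numbers, dates and status names are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEWAL_WINDOW_DAYS = 90  # the post's tip: renew up to 90 days before expiry


def days_left(cert, now):
    """Whole days until notAfter; negative once the certificate has expired."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now.timestamp()) // 86400)


def check(served, renewed=None, now=None):
    """Classify the served certificate; `renewed` is the newest issued one, if any."""
    now = now or datetime.now(timezone.utc)
    if renewed and renewed["serialNumber"] != served["serialNumber"]:
        # A renewal was issued but the site still serves the old certificate.
        return "RENEWED_NOT_DEPLOYED"
    left = days_left(served, now)
    if left < 0:
        return "EXPIRED"
    if left <= RENEWAL_WINDOW_DAYS:
        return "RENEW_NOW"
    return "OK"


def fetch(host, port=443):
    """Served certificate as a dict; an expired one fails the handshake with
    ssl.SSLCertVerificationError, which a monitor should treat as an alarm."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample data in the shape getpeercert() returns.
OLD = {"serialNumber": "0A01", "notAfter": "Apr 25 23:59:59 2012 GMT"}
NEW = {"serialNumber": "0B02", "notAfter": "Apr 26 23:59:59 2013 GMT"}
```

Run `check(fetch("your.host"))` on a schedule and alert on anything other than `OK`; passing the renewed certificate as `renewed` catches the case where the new certificate was issued but never installed.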

Symantec clarifies that SSL Security has not been breached following VeriSign Inc Announcement

News broke recently that Verisign, Inc. reported in their quarterly SEC filings that they had been victims of a security breach in 2010. At this time, Verisign, Inc. has only confirmed that the incident did not impact their DNS business. 

Just as Verisign, Inc. stated that there was no impact to their production environment, I stand behind the following statement that Symantec made in response to media questions regarding the 2010 Verisign, Inc. security breach:

Symantec takes the security and proper functionality of its solutions very seriously. Trust Services (SSL), User Authentication (VIP, PKI, FDS), and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the Verisign, Inc. quarterly filing.

Unfortunately, many people are associating the breach at Verisign, Inc. with the brand of SSL Certificates that Symantec acquired, begging the question “Is SSL dead”? SSL, or HTTPS encryption, remains today as the most secure method to protect online data in transit. Symantec Trust Services, and Identity and Authentication solutions continue to provide unparalleled levels of security, not only in terms of our products, but in terms of how we protect the systems that protect you and your customers.

2/3/12 Update – I want to clear up some confusion about the two brands. In 2010, Symantec acquired the security assets listed above from Verisign, not the entire Verisign organization. Verisign Inc. is a separate public company, responsible for the SEC disclosure.

GlobalSign SSL Security Incident Report

GlobalSign have issued a statement regarding the alleged compromise reported in September.

In summary:

They did not find any evidence of:

  • Rogue Certificates issued.
  • Customer data exposed.
  • Compromised GlobalSign Root Certificate keys and associated Hardware Security Modules (HSM).
  • Compromised GlobalSign Certificate Authority (CA) infrastructure.
  • Compromised GlobalSign Issuing Authorities and associated HSMs.
  • Compromised GlobalSign Registration Authority (RA) services.

What did happen:

  • A peripheral web server, not part of the Certificate issuance infrastructure, hosting a public-facing web property was breached.
  • What could have been exposed? Publicly available HTML pages, publicly available PDFs, the SSL Certificate and key issued to www.globalsign.com.
  • SSL Certificate and key for www.globalsign.com were deemed compromised and revoked.

The full report is available here.

Bulk Purchase Options for SSL

Just in case you didn’t know, we have a couple of bulk purchase options available at ServerTastic.

RapidSSL 1 Year – Buy 10 or more for $10.00 each

QuickSSL Premium 1 Year – Buy 10 or more for $69 year

When you purchase you will receive an individual invite for each certificate you have purchased. These links are valid for 365 days from purchase. But the certificate is valid for 1 year from the date of issue (so you will not lose any days on your certificate).

You can supply the invite links to your customers. They contain no ServerTastic branding. We are working to bring some more bulk purchase offers and promotions.

Let us know if you have any questions.