CA Root Upgrade for SSL Certificates
During the second half of 2010 VeriSign, Thawte, Geotrust and RapidSSL certificates will transition to use a 2048-bit root.
During the second half of 2010 VeriSign, Thawte, Geotrust and RapidSSL certificates will transition to use a 2048-bit root.
VeriSign have launched the VeriSign Trust Seal. This is designed for websites that do not collect customer or payment information online and therefore do not need a VeriSign SSL certificate but want to establish trust.
At the moment the trust seal is not available to VeriSign resellers (such as ServerTastic). It is anticipated that this will become available during May 2010. We will then investigate pricing for our customers.
Comments [0]
Customers purchasing their RapidSSL, Geotrust, thawte or Verisign SSL certificate from ServerTastic are now able to manage their SSL certificate orders and perform the following actions:
Comments [2]
There have been a number of attacks aimed at SSL Certificates demonstrated at the recent Black Hat event in Las Vegas. VeriSign have confirmed that non of the certificates issued within the VeriSign group are susceptibale to these attacks. This includes RapidSSL , thawte and Geotrust.
This was confirmed on Tim Callans SSL Blog. I have pasted the relevent excerpts below
Use of null Characters
The focus of this presentation was various ways to use null characters to fool browsers and other pieces of relying software into believing a certificate has been issued to a different domain than the one to which is was actually issued. The idea is that the attack would give the online criminal the ability to put up a certificate on what appears to be the exact same domain name as the targeted site. sslstrip accomplishes this feat through a Man-in-the-Middle attack and uses the null-character certificate to create its false certificates on the fly.
I'm pleased to say that none of VeriSign's SSL Certificates on any brand allow null characters, meaning that you can't use any of our certificates in the attack detailed today. While the fundamental problem needs to be solved by the client software that trusts these certificates, we still prefer not to be contributing to the problem. And until these problems are solved at the source, EV SSL is a great interim solution. The detailed attack will not work against EV SSL (as agreed by Mr. Marlinspike during the Q and A session after his talk), which means that sites have the power to defend themselves against null character attacks and in fact all attacks using sslstrip.
MD2 No Longer Secure
Kaminsky covered several topics which had SSL as a common theme. Interestingly, he also revealed his own work with null characters, which was very similar to Marlinspike's. In addition, Kaminsky talked about pre-image attacks against MD2, which he expects to be viable this calendar year. He reports that MD2 is not trusted or soon to not be trusted on these applications and platforms: Firefox, OpenSSL, Red Hat, Opera, Apple, Microsoft, Google, and VeriSign. Here I can be more specific. As of May 2009, VeriSign is issuing its SSL Certificates on all brands using SHA-1.
Leading Zeros
Kaminsky also described a "leading zero attack," by which a certificate can fool client software by essentially attaching an invisible zero to the first hex character in the certificate. Again, I'm happy to tell you that VeriSign won't issue SSL Certificates with leading zeros on any of our brands.
Comments [0]
VeriSign have announced that they have issued 4 million SSL Certificates since 1995.
Full press release below:
In 14 Years as SSL Pioneer and Market Leader, VeriSign and Its Brands Make Trusted Interactions Possible for Millions of Web Sites and Services
MOUNTAIN VIEW, CA -- (Marketwire) -- July 27, 2009 -- VeriSign, Inc. (NASDAQ: VRSN), the trusted provider of Internet infrastructure services for the networked world, today announced that it has issued more than 4 million Secure Sockets Layer (SSL) Certificates. The total includes certificates issued by VeriSign under all four of its SSL brands: VeriSign®, GeoTrust®, thawte®, and RapidSSL®.
Since 1995, the company has served as a trusted third party and Certificate Authority responsible for issuing and authenticating a range of digital certificates designed to protect online businesses and their customers by:
-- Encrypting sensitive information during online transactions -- Authenticating the identity of certificate owners -- Warning when certificates are invalidUnder its four brands, VeriSign issues, authenticates and manages a range of certificates that are vital to the secure and trusted operation of the Internet, Web-based applications, and services requiring digital IDs, including:
-- SSL Certificates. VeriSign provides secure SSL encryption to Web sites protected by all VeriSign SSL Certificates brands, enabling trusted e- commerce, communications, and interactions on Web sites, intranets, and extranets. -- Extended Validation (EV) SSL Certificates. EV SSL protection provides Web users using high security browsers with immediate visual confirmation that they've reached a site whose authenticity has been independently verified by VeriSign. -- Server-Gated Cryptography (SGC) Certificates. VeriSign's SGC Certificates enable every Web site visitor to connect using the strongest encryption for which their systems are capable. -- Code Signing Certificates. VeriSign® Code Signing creates a digital "shrink-wrap" for code and content to protect software publishers and users when they download code and content over the Internet and mobile networks. -- PKI Certificates. VeriSign protects enterprises, government agencies and others with a flexible platform enabling complete management of digital certificates for authentication, encryption and digital signing.The milestone of issuing more than 4 million SSL certificates underscores how VeriSign is essential to enabling secure online transactions around the world. The company has issued more than 12,000 EV SSL Certificates, making VeriSign the far-and-away market leader with a 74 percent share of the EV SSL market. And every day, VeriSign conducts up to 1 billion Online Certificate Status Protocol (OCSP) checks -- the most timely and efficient way for Web browsers to determine whether an SSL or user certificate is still valid or has been revoked and a key indicator of secure sessions initiated using VeriSign SSL Certificates.
VeriSign also plays a vital role in Public Key Infrastructure (PKI) deployments, which use digital certificates for authentication, encryption and digital signing. In the past 14 years, VeriSign has issued and managed tens of millions of PKI certificates for thousands of customers throughout the world.
"As the world's leading SSL Certificate Authority, VeriSign understands that when customer trust is paramount, second best is never nearly good enough," said Tim Callan, vice president of product marketing at VeriSign. "Now more than ever, in a marketplace that is truly global and increasingly competitive, protecting a Web site, application or service with VeriSign is an investment that pays dividends every day."
Comments [0]
MOUNTAIN VIEW, CA -- (Marketwire) -- July 15, 2009 -- VeriSign, Inc. (NASDAQ: VRSN), the trusted provider of Internet infrastructure services for the networked world, today reported it has topped the 1 billion mark for daily Online Certificate Status Protocol (OCSP) checks.
The milestone means that with each passing second, VeriSign and its subsidiaries enable another 11,500 secure online transactions around the world. A key link in the online security chain, OCSP offers the most timely and efficient way for Web browsers to determine whether a Secure Sockets Layer (SSL) or user certificate is still valid or has been revoked. Generally, when a browser initiates an SSL session, OCSP servers receive a query to check to see if the certificate in use is valid. Likewise, when a user initiates actions such as smartcard logon, VPN access or Web authentication, OCSP servers check the validity of the user certificate that is presented. OCSP servers are operated by Certificate Authorities, and VeriSign is the world's leading Certificate Authority.
"More people transact online with sites secured by VeriSign than any other Certificate Authority, and today's announcement underscores our ability to meet the ever-scaling demands of Internet commerce," said Tim Callan, vice president of product marketing at VeriSign. "It takes a world-class infrastructure and the best practices in the business to support these volumes, and VeriSign has invested heavily over the years to keep pace with the growth of online commerce. As the security backbone of the Internet, VeriSign is uniquely positioned to enable secure transactions well beyond the milestone we've reached today."
As the most respected and trusted Certificate Authority on the Web, VeriSign is the EV SSL Certificate provider of choice for more than 10,000 Internet domain names, representing 74 percent of the entire EV SSL Certificate market worldwide. In fact, more than 95 percent of the Fortune 500 and 96 of the world's 100 largest SSL-using banks secure their sites with SSL Certificates sold by VeriSign*. Each year VeriSign also issues millions of user and device certificates per year to tens of thousands of enterprises, governments, and individuals around the world.
As a VeriSign Platinum Partner ServerTastic can supply VeriSign SSL certificates at discounted prices via our easy to use online checkout system.
Comments [0]
Do not let your website carts get abandoned. Secure them with an appropriate SSL Certificate.
Comments [1]
This video is produced by VeriSign to demonstrate how the VeriSign Secured Seal can boost consumer confidence when shopping on your website.
All VeriSign SSL Certificates supplied by ServerTastic include the VeriSign Secure Seal.
ServerTastic recommends you also use Extended Validation certificates as a way of further increasing consumer confidence.
Our very own ServerTastic website began using the VeriSign Secured Seal and EV certificate just over a year ago which has helped us increase sales by 78% during this time.
Comments [0]
Tim Callan from the SSL Blog reports that Firefox 3.5 is not showing the green address bar for some brands of Extended Validation certificates.
SSL Certificates from VeriSign, Geotrust and thawte are not affected.
Comments [0]
Verisign is one of the leading suppliers of EV SSL certificates in the world. Recent statistics show that of the 13,000 EV certificates issued 10,000 were by VeriSign.
At ServerTastic we supply VeriSign SSL Certificates at a big discount. These are exactly the same as buying directly, you even complete the process with VeriSign. The only difference is you pay us less than you pay VeriSign.
Comments [0]
Comments [0]