Articles about certificate authority

Mozilla devs discuss ditching Dutch CA, because cryptowars

Concerns at the effect of The Netherlands' new security laws could result in the country's certificate authority being pulled from Mozilla's trust list. The nation's Information and Security Services Act will come into force in January 2018. The law includes metadata retention powers similar to those enacted in other countries …

Google launches root certificate authority

Google has launched its own root certificate authority. The move, announced Thursday, will stop Google relying on an intermediate certificate authority (GIAG2) issued by a third party in its ongoing process of rolling out HTTPS across its products and services. "As we look forward to the evolution of both the web and our own …
John Leyden, 27 Jan 2017

Symantec carpeted over dodgy certificates, again

Symantec has confirmed that it's revoked another bunch of wrongly-issued certificates. Andrew Ayer of certificate vendor and wrangler SSLMate went public with his discovery last week. The mis-issued certs were issued for example.com, and a bunch of variations of test.com (test1.com, test2.com and so on). On Saturday, Symantec …

Heads roll as Qihoo 360 moves to end WoSign, StartCom certificate row

After being pinged by Mozilla for issuing backdated SHA-1 certificates, Chinese certificate authority WoSign's owner has put the cleaners through the management of WoSign and StartCom. Mozilla put WoSign and StartCom on notice at the end of September. As part of its response, the company has posted around 200,000 certificates …

Apple chops woeful WoSign HTTPS certs from iOS, macOS

While Mozilla's democracy decides what to do about WoSign, Apple's dictatorship has issued its edict: the Chinese certificate authority WoSign will be thrown out of Cupertino's trust list. As we reported last week, after a lengthy investigation, Mozilla engineers accused WoSign of: Backdating certificates so it could still …

Mozilla wants woeful WoSign certs off the list

Mozilla wants to kick Chinese certificate authority (CA) WoSign out of its trust program. As well as being worried about the certs issued by WoSign, Mozilla accuses the company of buying another CA, StartCom, without telling anyone. In this lengthy analysis posted to Google Docs, Mozilla says its certificate wonks have "... …

Chinese CA hands guy base certificates for GitHub, Florida uni

A Chinese certificate authority handed out a base certificate for GitHub and the University of Central Florida to a mere user in a significant security blunder. British Mozilla programmer Gervase Markham reported the incident on the browser baron's mailing list saying it occurred more than a year ago in July 2015 but went …
Darren Pauli, 29 Aug 2016

Let's Encrypt ups rate limits

Let's Encrypt has revised its rate limits to make life easier for large organisations and hosting providers who use its services. The certificate authority set up rate limits for cert creation as a defence against hacker interference and denial of service attacks. However the limitation created problems for internet service …
John Leyden, 18 Aug 2016

Android Nougat may contain traces of NOT for users of custom CAs

Google will sweeten the forthcoming Nougat release of Android by changing the way apps work with certificate authorities (CAs) and simplifying APIs. The changes will affect only some apps and users, Android security team software engineer Chad Brubaker says. The changes mean Google will not automatically trust user-selected …
Darren Pauli, 12 Jul 2016

Google publishes list of Certificate Authorities it doesn't trust

Google's announced another expansion to the security information offered in its transparency projects: it's now going to track certificates you might not want to trust. Certificate Authorities (CAs) that your browser (or smartphone) trusts have a suitable entry in “settings”, but if a site presents a certificate from an …

Microsoft Trusted Root Certificate program getting a lot less trusting

Microsoft is cutting the ranks of its Trusted Root Certificate partners in hopes of improving the security of Windows applications. The Redmond giant said that it would be dropping 20 currently trusted Certificate Authorities (CAs), leaving the applications and sites signed with those certificates untrusted and causing their …
Shaun Nichols, 17 Dec 2015


Biting the hand that feeds IT © 1998–2017