As PKI practitioners, we’ve been asked the question for years: “What’s the best way to get a digital certificate on _____?” What gets filled into the blank has expanded dramatically over time, however. Ten years ago, certificates [...]
Vulnerabilities tend to morph over time. Upon initial identification, researchers, companies, and experts tend to rush to offer opinions, sometimes factual and sometimes less so.
In the wake of the Heartbleed bug, many are faced with the daunting (and expensive) prospect of replacing the SSL certificates on those vulnerable systems. This is due to the possibility that the private keys of exposed SSL certif [...]
On April 7, 2014 a severe vulnerability called “Heartbleed” was announced. Heartbleed is a vulnerability within the OpenSSL 1.0.1 series software that is described in the NIST CVE-2014-0160 announcement. In short, this vulnerabili [...]
In the 12+ years that CSS has been helping organizations deploy Public Key Infrastructures, we frequently run into situations where PKI components are already present in the environment. Often it’s an older PKI that someone new to [...]
By now, you may have already heard that Microsoft will start deprecating trust in certificates with SHA-1 signatures in 2016. In our view, this is a prudent move by Microsoft. We've long known that SHA-1 was weakening, and showing [...]