DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight

Certificate authority CA DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificate...

Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years

Let's Encrypt, a free, automated, and open certificate signing authority CA from the nonprofit Internet Security Research Group ISRG, has said it's issued a billion certificates since its launch in 2015. The CA issued its first certificate in September 2015, before eventually reaching 100 million...

SSL Certificate Validity - Duration

The CA/Browser Forum has passed a resolution setting the maximum validity period for SSL/TLS subscriber certificates via ballot 193. Certificates issued after March 1, 2018 may not be valid longer than 825 days. Certificates issued after July 1, 2016 through March 1, 2018 may not be valid longer...

Google to Fully Distrust WoSign/StartCom SSL Certs in Chrome 61

Websites that are still using digital certificates issued by Chinese Certificate Authority WoSign may want to accelerate their plans to replace those certs. Google last week said it will fully distrust remaining certificates issued by the CA starting with Chrome 61. Devon O’Brien of the Chrome...

Google to Make Certificate Transparency Mandatory By 2017

Google is making Certificate Transparency mandatory for its Chrome web browser by October 2017. Google software engineer Ryan Sleevi made the announcement in conjunction with the CA/Browser Forum that took place in Redmond, Washington last week. The move is an attempt to reduce the number of doma...

Mozilla Wants to Drop WoSign as Trusted CA

Mozilla has accused a Chinese Certificate Authority of back-dating SHA-1 certificates to get around restrictions barring deprecated certs from being trusted, and is ready to ban the CA for one year. The back-dating is just one of many violations derived after a lengthy investigation of WoSign and...

Mozilla Asks CAs for Details on Subordinate Certificate Controls

Mozilla has warned certificate authorities included in its root CA Certificate Program that they only have a few weeks left to comply with the company’s new policy, which requires CAs to adhere to the CA/Browser Forum Baseline Requirements and provide proof of audits of their subordinate...

Google to Stop Using Online CRL Checks for Chrome

In the face of mounting evidence that the CA system is inherently flawed, Google officials are in the process of making changes to the way Chrome handles certificate revocations, and no longer will be using online revocation checks. Instead, Chrome will use the existing update system in the brows...