Posts tagged with certificates


Extended Validation Certificates are Dead

www.troyhunt.com

In a new blog post, Troy Hunt explains why you shouldn't bother buying an EV certificate anymore.

That's it - I'm calling it - extended validation certificates are dead. Sure, you can still buy them (and there are companies out there that would just love to sell them to you!), but their usefulness has now descended from "barely there" to "as good as non-existent". This change has come via a combination of factors including increasing use of mobile devices, removal of the EV visual indicator by browser vendors and as of today, removal from Safari on iOS


Certificate Transparency, an introduction

Scott Helme, creator of securityheaders.io, wrote a good introduction to certificate transparency.

Certificate Transparency is an open framework for monitoring and auditing the certificates issued by Certificate Authorities in near real-time. By requiring a CA to log all certificates they generate, site owners can quickly identify mis-issued certificates and it becomes much easier to detect a rogue CA.

https://scotthelme.co.uk/certificate-transparency-an-introduction/

Oh Dear!, my side project, leverages certificate transparency logs to send you a notification as soon as a new certificate is issued for your domain.


Extended validation is broken

In a new article on his blog Ian Carroll shows that it's quite easy to trick users into thinking that they're connected to the right site.

Extended validation ("EV") certificates are a unique type of certificate issued by certificate authorities after more extensive validation of the entity requesting the certificate. In exchange for this more rigorous vetting, browsers show a special indicator like a green bar containing the company name, or in the case of Safari completely replace the URL with the company name. ... Today, I will demonstrate another issue with EV certificates: colliding entity names. Specifically, this site uses an EV certificate for "Stripe, Inc", that was legitimately issued by Comodo.

https://stripe.ian.sh/


Things you want to know about Let's Encrypt

On his blog, Simone Carletti gives a good overview of everything Let's Encrypt has to offer (and he also touches on what the service doesn't offer).

Let’s Encrypt is a new certificate authority that entered the internet scene at the end of 2015. ... However, Let’s Encrypt is not only free. Quoting the homepage: Let’s Encrypt is free, automated, and open.

But what does it mean? In this article I’ll share some of the direct consequences of that quote to help you better understand how Let’s Encrypt (currently) works. My goal here is not to judge or advertise the service offered by Let’s Encrypt (either in a negative or positive way), rather provide an overview of what you should expect if you use this service, and let you decide whether Let’s Encrypt is a good fit for you or not.

https://simonecarletti.com/blog/2016/02/things-about-letsencrypt/
