Security News

Last week was a big one for non-profit digital certificate project Let's Encrypt - it issued its billionth certificate. Publicly announced in November 2014, Let's Encrypt offers TLS certificates for free.

Free and open certificate authority Let's Encrypt on Thursday issued its billionth certificate, four and a half years after issuing the first certificate. It provides free digital certificates and also handles the certificate management process for site owners.

Let's Encrypt, a free, automated, and open certificate signing authority from the nonprofit Internet Security Research Group, has said it's issued a billion certificates since its launch in 2015. Since late last year, Let's Encrypt has issued at least 1.2 million certificates each day.

DigiCert, the world's leading provider of TLS/SSL, IoT and PKI solutions, is upgrading channel partners to DigiCert CertCentral Partner, a comprehensive TLS certificate management solution for cloud and hosted environments. CertCentral helps partners customize and automate all stages of certificate lifecycle management for their end customers, as well as easily deliver new features and solutions, while simplifying business management.

That browser makers were voted down might explain why Apple has decided to enforce the change unilaterally, apparently against the wishes of the Certificate Authorities which issue certificates as a business. The browser makers are adamant that reducing validity is good for security because it reduces the time period in which compromised or bogus certificates can be exploited.

Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date. The aim of the move is to improve website security by making sure devs use certs with the latest cryptographic standards, and to reduce the number of old, neglected certificates that could potentially be stolen and re-used for phishing and drive-by malware attacks.

"The complexity of managing those identities while keeping them securely connected to the business has created a critical trust gap - in many cases the keys and certificates designed to build trust are instead causing outages and security breaches." Digital certificates and keys ensure authenticity across enterprise user, application and device identities.

IoT devices are using weak digital certificates that could expose them to attack, according to a study released over the weekend.

Neustar, a global information services company and leader in identity resolution, has been approved as an initial Secure Telephone Identity Certification Authority (STI-CA). As an STI-CA, Neustar...

75% of DevOps professionals are concerned that policies for issuing certificates slow down development, and over a third (39%) believe developers should be able to circumvent these policies to...