Security News

Certificate authority DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper Domain Control Validation.

DigiCert has given some unlucky customers 24 hours to replace their SSL/TLS security certificates it previously issued them - due to a five-year-old blunder in its backend software. The Register has asked exactly how many domains this represents, and we'll let you know if DigiCert can come up with a number.

DigiCert is warning that it will be mass-revoking SSL/TLS certificates due to a bug in how the company verified if a customer owned or operated a domain and requires impacted customers to reissue certificates within 24 hours. DigiCert is one of the prominent certificate authorities that provides SSL/TLS certificates, including Domain Validated, Organization Validated, and Extended Validation certificates.

Certificate Watch Demonstrating that Microsoft is not alone in its inability to keep track of certificates is UK power market biz Elexon. Elexon is an important cog in the UK's wholesale electricity market machine and provides operational data via its Insight Solution platform.

Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the...

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Announced last year, Google's proposal to reduce the lifespan of TLS certificates from 13 months to 90 days could be implemented in the near future. As a result, the new 90-day TLS certificate lifespan proposed by Google will have far-reaching impacts on three areas of corporate IT: DevOps, security and operations.

It can handle almost anything, and someone once called it the kitchen sink of PKI. With its extensive history as one of the longest-standing CA software projects, EJBCA offers proven robustness, reliability, and adaptability. "EJBCA was created as an open-source project. The first version of the software was released as open source in December 2001. The ability to make a living from working with it and form a good company with many developers working on open source came later when the co-founders of PrimeKey and I realized that it was something we could do," Tomas Gustavsson, the creator of EJBCA, told Help Net Security.

Digital Certificates are not new. In this Help Net Security video, Andreas Brix, Senior Program Manager at GlobalSign, discusses why they are back in the news and what you should do about it. The...

The International Information System Security Certification Consortium and IBM teamed up on February 12 to launch the IBM and ISC2 Cybersecurity Specialist Professional Certificate, which can be earned through a free, four-month, beginner-level training course. IBM chose ISC2 to develop the certification program, which prepares potential cybersecurity professionals for a career in a cybersecurity specialist role.