SSLTrust

CASC’s London Protocol for Enhancing Identity Assurance


The London protocol refers to a treaty or agreement signed in London. One such agreement was recently signed with the aim of minimizing phishing activities on identity websites and improving management assurance. The protocol was launched by the Certificate Authority Council (CASC). A rise in phishing attacks motivated CASC certificate authorities to develop the London protocol. The objective of developing the London protocol was to strengthen the difference between identity websites and the encrypted websites that use domain validated certificates…

Continue Reading

Trustico requests over 50,000 Certificates to be revoked


Currently there is a lot of talk and upset customers in the online security field due to over 23,000 Certificate suddenly being revoked. Below is an outline of the events within the last month leading to this event. On February 2nd an official at DigiCert received a request from Trustico to revoke over 50,000 Certificates that had been issued through the reseller Trustico. DigiCert then needed to confirm that either the keys were compromised or that they revocation was authorized by the…

Continue Reading

3 year SSL Certificates being discontinued


At the moment you can purchase a 1,2 or 3 year term for new and renewal SSL Certificates. This will soon be changing with the CAB Forum Ballot 193. The CAB Forum is the governing body that sets many rules and guidelines for the issuance of SSL Certificates. It is comprised of a group of leading individuals from Certificate Authorities and Browsers. On March 1st, 2017 they released the document Ballot 193, proposed by Entrust, outlining the move to the…

Continue Reading

Symantec, GeoTrust, Thawte and RapidSSL Certificates needing to be reissued.


As of October 31st 2017 DigiCert completed the acquisition of Symantec’s Certificate Authority business. This also includes GeoTrust, Thawte and RapidSSL. This acquisition came about after google announced they will be distrusting Symantec Certificates ( only certificates issued prior to December 1st 2017 ) due to questionable website authentication certificates issued by Symantec Corporation’s PKI. You can read more about it here. Chrome’s gradual distrust of existing Symantec certificates in question will occur in two stages. The First Stage with…

Continue Reading

Google Chrome Marking HTTP as non-secure


To help web users browse websites more safely, Google Chrome displays a lock icon in the address bar to indicate a website secured by an SSL Certificate ( HTTPS ). Google Chrome had not shown HTTP connections as non-secure until January 2017; This is when Google started to push updates to their chrome browser to better indicated to their users if a website is secure or not. If a web page collects passwords or credit cards via a non-secure connection…

Continue Reading

Setup Squid Forward Proxy


If you’re reading this article, you’re probably frustrated  by the lack of relevant information about Squid, a very popular forward proxy. Some of these frustrations involve major usability changes occurring after minor software revisions, misconceptions about what’s actually happening behind-the-scenes, and genuinely poor documentation. This aims to be a comprehensive primer which will get you up and running with Squid. First though, why might you want to use a forward proxy? Back in the day, it used to be very…

Continue Reading

Is your wordpress blog secure from hackers?


WordPress is one of the most popular website platform for creating websites and blogs.  The reason for its popularity is obviously is the ease of use, maintaining it and also updating content to it. Every popular software, becomes a target of criminals automatically due to widespread use of it and many users actually using it. Brute password discovery and PHP MySql vulnerabilities is often the most popular illegal entry door for criminals looking to break into your blog or website…

Continue Reading

Generate and Install Code Signing Certificates for Windows and Java


Usually when we think about SSL/TLS and certificates the first thing that comes to mind are the certificates used by a web server – and this makes sense because it is by far the most common usage for them. However, the specification for x.509 certificates has a lot of other uses as well. To recap, a certificate is the public key in a public/private keypair (usually generated with RSA or ECDSA). A code signing certificate is a special kind of…

Continue Reading

Setup Reverse Proxy on Windows Server: ARR in IIS and the WAP remote access role


Previously, we took at look at how reverse (both terminating and non-terminating) are handled in the Linux world. In Windows though, we have two very viable options supported by Microsoft without using any third party software. These are respectively, the Web Application Proxy (part of the Remote Access Role), and ARR, a plugin for IIS. Web Application Proxy: The Web Application Proxy (WAP in typical parlance) is incredibly intuitive and easy to use. Publishing a “passthrough” is a simple unauthenticated…

Continue Reading

HAProxy TCP Reverse Proxy Setup Guide (SSL/TLS Passthrough Proxy)


This is Part 2 of our reverse proxy setup guides. Part 1 for NGINX can be found here. HAProxy is an incredibly versatile reverse proxy that’s capable of acting as both an HTTP(S) proxy like above, and a straight TCP proxy which allows you to proxy SSL connections as-is without decrypting and re-encrypting them (terminating). It doesn’t require a wild card (or any certificate, since the cert and private key live exclusively on the backend), but you lose the ability…

Continue Reading

Older Posts