When Extended Validation (EV) SSL first launched in 2007 people began to refer to the "green address bar." Browser interfaces have evolved since then. Perhaps the way we refer to how these TLS certificates display should evolve as well.
In order to introduce automation in your network, you do not want to disrupt your existing environment too much. You may already have auto-enrollment and auto-renewal set up in your Windows environment using the Microsoft CA. While this takes care of your internal (private) certificates, you'll have to choose another vendor for your publicly trusted SSL certificate needs. Why deal with managing multiple vendors? You can drop a Sectigo Proxy in your Windows Active Directory server and start issuing both public and private certificates from us.
It is tempting for the enterprise to use S/MIME without automated certificate management in hopes of saving some money by requiring employees to share the burden of managing certificates - but encryption and digital signatures are the best way to ensure the integrity and privacy of email communication. Using S/MIME for encryption allows both sender and recipient to utilize their existing S/MIME capable email applications with their familiar capabilities.
One objection that is raised against Extended Validation Extended Validation (EV) SSL is that, for any given Certificate Authority, it tends to cost more than an Organization Validation (OV) or Domain Validation (DV) certificate. One element of this objection is that people would rather pay less than more for things in general, but the other is the idea that somehow it’s unfair for CAs to charge more for EV than OV. The difference comes down to a fairness argument.
Industry PKI experts recently have discovered a flaw in certificate generation practices that employ the commonly used EJBCA CA tool, which can result in serial numbers with 63 bits of entropy as opposed to the 64 bits required by public certificate guidelines. Episodes like this one put a spotlight on the value of automation in certificate practices. Automated capabilities enable the consistently correct maintenance, revocation, and replacement of a large number of certificates with little human interaction required.
Industry PKI experts recently have discovered a flaw in certificate generation practices that employ the commonly used EJBCA CA tool, which can result in serial numbers with 63 bits of entropy as opposed to the 64 bits required by public certificate guidelines. News reports indicate that several certificate issuers are affected. We would like to clarify that NO active public certificates from Sectigo are subject to this flaw.
A recent study by Georgia State University suggests that criminal online marketplaces feature a steady supply of TLS/SSL certificates from all major public CAs. Sectigo is eager to work with researchers like these and others to help reveal criminal activity and create strategies to mitigate its effectiveness without preventing legitimate business from benefiting from public certificates.
Edward Giaquinto, our CIO, has been appointed Advisory Board Member at Rutgers University’s Cybersecurity Program. The Program is designed to train and develop professionals to manage cybersecurity issues within an organization, preparing them to analyze, manage and build cybersecurity competencies that can protect the organization.
