-
Listen Now
EPISODE 73
Broadcast Date:
March 13, 202021 minutes
Podcast Mar 13, 2020Root Causes 73: Apple to Drop Support for Two-year SSL Certificates
Apple announced it will distrust TLS certificates issued with terms over thirteen months for its products. We discuss this change and its implications.
-
Learn More
Sectigo Code Signing Authentication Evolves
A Blog Post from Sectigo
Blog Post Jan 07, 2020Some Sectigo Code Signing certificate subscribers have opined recently that our Code Signing authentication now includes additional steps and requirements it did not have in previous years. This observation is accurate. Sectigo of recent has increased its process and requirements for obtaining Code Signing certificates.
-
Learn More
Sectigo to Remove Brand Information from DV Certificates
A Notification from Sectigo
Notification Dec 12, 2019Sectigo recently announced that we will make a change to our issuance practices to remove “static” brand and hosting information from the OU fields of our Domain Validation (DV) certificates. These descriptors include the brand name of the certificate (e.g. “PositiveSSL”) and the name of the hosting provider (e.g. “Hosted by NAME”).
-
Listen Now
EPISODE 56
Broadcast Date:
December 9, 201923 minutes
Podcast Dec 09, 2019Root Causes 56: 2019 Lookback - Evolving Cryptography
2019 saw important changes in the world's cryptographic standards. Join our hosts as they talk about what 2020 may hold in terms of evolving cryptography.
-
Listen Now
EPISODE 45
Broadcast Date:
October 17, 201923 minutes
Podcast Oct 17, 2019Root Causes 45: What Is the CA/Browser Forum?
SSL certificate practices are governed by the rules of the CA/Browser Forum; what is this forum, who is in it, and where does it get its authority?
-
Blog Post Sep 03, 2019
Sectigo Votes in Favor of One-Year SSL Certificate Term Limit
After careful consideration, Sectigo has decided to vote in favor of CA/Browser Forum (CABF) ballot SC22, which seeks to limit the allowed duration of TLS / SSL certificates to 397 days, or about thirteen months. It is a complex issue with pros and cons for both outcomes. This post will spell out our reasons for voting as we have.
-
Listen Now
EPISODE 33
Broadcast Date:
August 18, 201917 minutes
Podcast Aug 18, 2019Root Causes 33: Prepare for One-Year Limits on SSL Certificates
A proposed CA/Browser Forum ballot stands to limit SSL certificates to 13 months. Learn what such a change might mean to IT professionals everywhere.
-
Blog Post Aug 14, 2019
Be Prepared for One-Year SSL Certificate Duration
A recent CA/Browser Forum ballot sponsored by Google stands to limit SSL certificate lifespans to 397 days starting in March 2020. Should this pass, organizations using two-year SSL certificates will need to change their practices to only one-year certificates moving forward. Fortunately, automation options are available.
-
Listen Now
EPISODE 24
Broadcast Date:
June 27, 201916 minutes
Podcast Jun 27, 2019Root Causes 24: Certificate Revocation
Certificate revocation is an essential part of the certificate lifecycle. Join our hosts as they discuss revocation by the CA, code signing, and malware.
-
Listen Now
EPISODE 19
Broadcast Date:
May 29, 201914 minutes
Podcast May 29, 2019Root Causes 19: Death of a Public CA
Mozilla has decided to remove a public CA from its trusted root store, rendering public certificates from this CA valueless for almost all use cases.
-
Blog Post Mar 26, 2019
Why CAs Charge More for Extended Validation SSL
Extended Validation (EV) SSL certificates are one of three standard SSL certificate types issued by Certificate Authorities: DV, OV, and EV. What makes EV certificates different from the others is that they provide the highest assurance that the domain is NOT associated with a bad actor. When users see a company-branded address bar next to the URL, they can know that they are on a trusted domain.
So is an EV SSL certificate right for you? In order to determine this, it’s important to understand why the cost is higher than other certificate options, the unique value it provides, and how the issuance process works.
-
Listen Now
EPISODE 09
Broadcast Date:
March 25, 201915 minutes
Podcast Mar 25, 2019Root Causes 09: 63-bit Serial Numbers
A recently discovered flaw in common practices reveals that potentially millions of active SSL certificates fall short of cryptographic requirements.