
Switch to SHA256 Soon

May 05

SSL uses several cryptographic hash algorithms to create an encrypted channel that secures communication between client and server. Initially, the MD5 hash algorithm was used for this encrypted channel. Over time, hackers found serious security issues with MD5, as it was easily reversible. As a preventive measure, and to make the internet more secure, Certificate Authorities have been disallowed from issuing SSL certificates signed with the MD5 hash algorithm. The issue was discovered in December 2008 by a group of hackers, who used a weakness in the MD5 signature algorithm to make a fake SSL certificate.

After this incident, Certificate Authorities switched their SSL certificates to the SHA-1 algorithm. Certificate Authorities have now been using SHA-1 to sign and issue certificates for 7 years. However, the SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be. It has been found to be cheap and affordable to crack the SHA-1 algorithm, yet many websites are still using SHA-1 signed SSL certificates.

Many websites have to contact their certificate authority (CA) to get their certificate reissued with the SHA256 algorithm. Please note that if your Certificate Authority still uses SHA-1 in its intermediate or root SSL certificate, you will get an error message. Please check the following screenshot:



(Screenshot: Chrome SHA1 Error)

Chrome, one of the world's most popular browsers, has already started the process of sunsetting SHA-1 (as used in certificate signatures for HTTPS): HTTPS websites whose certificate chains use SHA-1 are displayed with a minor error. Even so, this minor error in Google Chrome is a clear sign that SHA-1 is insecure for SSL certificates.

SHA-1's use on the Internet has been deprecated since 2011 by the CA/Browser Forum, an industry group of leading web browsers and certificate authorities (CAs) working together to establish basic security requirements for SSL certificates.

There are many tools available on the Internet to identify issues with SHA-1 signed SSL certificates. You can use them to check how secure your SSL certificate is.

SHA Checker – https://www.shachecker.com/

SSL Labs – https://www.ssllabs.com/ssltest/
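The same check can be run offline against a saved PEM chain. The following is an added example, not code from the original post: it reads each certificate's signatureAlgorithm field using only Python's standard library. The function names and the sample chain are assumptions for illustration; the sample holds constructed DER skeletons, not real certificates.

```python
import base64
import re

# Certificate signature-algorithm OIDs -> (name, acceptable for a new certificate?)
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", False),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", False),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", True),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", True),
}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(raw):
    """Turn DER OID content bytes into dotted-decimal form."""
    arcs, value = [], 0
    for b in raw:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # the first two arcs share one sub-identifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }."""
    tag, start, _ = read_tlv(der, 0)
    _, _, tbs_end = read_tlv(der, start)        # skip over tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)    # enter AlgorithmIdentifier
    oid_tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not an X.509 certificate structure")
    return decode_oid(der[oid_start:oid_end])

def audit_chain(pem_bundle):
    """Return [(position, algorithm, ok)] for each certificate, leaf first."""
    report = []
    for i, b64 in enumerate(PEM_RE.findall(pem_bundle)):
        oid = signature_oid(base64.b64decode(b64))
        name, ok = SIG_ALGS.get(oid, ("unknown OID " + oid, False))
        report.append((i, name, ok))
    return report

def skeleton_pem(oid_hex):
    """Constructed sample: DER skeleton with dummy tbsCertificate and signature."""
    der = bytes.fromhex("3018" "3003020100" "300d0609" + oid_hex + "0500" "03020000")
    body = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed chain, not real certificates: SHA-256 leaf, SHA-1 intermediate.
SAMPLE_CHAIN = skeleton_pem("2a864886f70d01010b") + skeleton_pem("2a864886f70d010105")
```

Running `audit_chain(SAMPLE_CHAIN)` flags position 1 (the intermediate), which is the case where a reissued SHA256 leaf certificate alone does not clear the browser error.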

SSL is for the security of your customers and website visitors, and it is always better to keep your security up to date so that your visitors do not feel insecure on your website and keep faith in your site for online transactions.

It is always better to contact someone who has experience and expertise. An experienced person will help you choose the right kind of SSL certificate. Please check out my website for more about SSL certificate benefits and which SSL certificate is best for you. You can always contact me at learnmore@hackersafe.info.



Get Ranking Boost in Google with SSL Certificate

Apr 07

We all love our data security on the Internet, and as a result we always prefer to have our internet safe and secure, whether on a mobile browser or on the desktop. We use this wide resource, the internet, for chatting online, net banking, email communication and online shopping for festivals. It is always amazing to be online and to be the owner of a successful e-commerce business. However, data security comes first, and it became essential after Google released its algorithm change about “An Impact of SSL certificate on Search Engine Ranking”. Now you can stay ahead of your competitors just by installing an SSL certificate on your website.

Google has dramatically changed its algorithm with a crucial update concerning SSL certificates. Google's official spokespersons, Webmaster Trends Analysts Zineb Ait Bahajji and Gary Illyes, say that a website with an SSL certificate will get a boost in Google ranking and that SSL can be one of the key factors. Whatever kind of website you publish online, you are going to benefit from using HTTPS. These days, any small advantage over competitors helps webmasters stay ahead and helps a website get good visitors. As you are aware, SSL certificates are not that costly nowadays. They are now affordable and easy to install.

Please note that Google ranking boost for using HTTPS applies to all sites, whether they have personal information or not. That means that even if your site doesn’t have a checkout page, login pages, or any financial or sensitive personal information, you can still get SEO benefits by installing an SSL Certificate on your site.

Google has already published a good how-to manual for SSL certificates in its Help Center.

Following are basic tips to get started:

  • Decide the kind of SSL certificate you need: single, multi-domain, or wildcard certificate. Please visit http://hackersafe.info for more information
  • Use 2048-bit key certificates. This is the latest standard for SSL certificates, and it can secure up to 256-bit encryption.
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol relative URLs for all other domains
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag

What are the plus points of having an SSL Certificate apart from a boost in Google ranking?

An e-commerce website, or any site that requires users to enter sensitive information such as username, password, credit card information, SSN details and other data that requires privacy, needs to be secured with proper encryption strength and the right kind of SSL certificate. An SSL certificate will boost your conversion rates through users' trust and confidence and thus increase your revenues. You may think that SSL certificates are costly, but you have to keep these advantages in mind while calculating your cost of SSL security. An Extended Validation Certificate, popularly known as a Green Address Bar SSL Certificate, will help you increase trust and confidence levels among website visitors and improve your conversion rate. Studies show that larger corporations may need a Multi Domain SSL Certificate, as they have many websites and many public-facing domains that can now be secured using a single certificate; it is easy to manage a single SSL certificate for all your websites, and renewal and installation are easy too.




SSL Installation

Jul 07

SSL installation can go right, and SSL installation can go wrong. A couple of days ago, when I tried to go to www.avast.com, I found that they had directed all traffic to https://www.avast.com.

I tried to browse a couple of pages and get a free anti-virus for myself, but I found that something had gone terribly wrong with their implementation of the SSL certificate.

Each page I tried to access showed the above message. This can be because of a wrong configuration of the SSL certificate.

SSL certificate installation is easy, but it requires you to take each step confidently and to check the installation before your site goes public. This kind of installation would not help anyone. An SSL certificate gives you the best option for securing your customers' data, but it requires a lot of effort for installation and maintenance.

SSL installation is a crucial part of web security. It requires you to check for the correct cipher as well as correct installation. Make sure that your SSL certificate is installed properly before going live. If you have any images or links without HTTPS, your users will get an error message while browsing the website.

Internet Explorer will display an error message stating that some content on the URL is not secured.

Firefox will not show the padlock, blue bar or green bar properly.

Google Chrome will show a red sign with a crossed line on it to notify users that there is some non-secure content on the page.
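The non-HTTPS images and links described above can be caught before a site goes live. The following is an added example, not code from the original post: it lists the subresources an HTTPS page would fetch over plain HTTP, and shows why the relative and protocol-relative URL tips earlier on this page avoid the warning. It uses only Python's standard library; the page URL, host names and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a subresource. Plain <a href>
# links are navigation, not mixed content, so they are deliberately absent.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src", "audio": "src",
               "video": "src", "source": "src", "embed": "src",
               "object": "data", "link": "href"}
ACTIVE_TAGS = {"script", "iframe", "embed", "object", "link"}  # can alter the page


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base = page_url      # changes if the page has a <base href>
        self.findings = []        # (line, tag, "active"/"passive", resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            self.base = urljoin(self.page_url, attrs["href"].strip())
            return
        value = attrs.get(FETCH_ATTRS.get(tag, ""))
        if not value:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return                # e.g. rel="canonical" is never fetched
        resolved = urljoin(self.base, value.strip())
        if urlsplit(resolved).scheme == "http":
            kind = "active" if tag in ACTIVE_TAGS else "passive"
            self.findings.append((self.getpos()[0], tag, kind, resolved))


def find_mixed_content(page_url, html):
    """List subresources an HTTPS page would load over plain HTTP."""
    if urlsplit(page_url).scheme != "https":
        return []                 # mixed content only exists on HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page; every host name here is a placeholder.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://static.example.com/site.css">
<link rel="canonical" href="http://www.example.com/">
<script src="//cdn.example.net/app.js"></script>
</head><body>
<a href="http://www.example.com/about">About</a>
<img src="/img/logo.png">
<img src="http://images.example.com/banner.jpg">
</body></html>"""
```

On the sample, only the stylesheet on line 2 and the banner image on line 8 are reported; the relative and protocol-relative URLs inherit HTTPS from the page.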

There is a huge amount of documentation available from various vendors for checking your SSL certificate. I have come across one such website, http://www.whynopadlock.com/; it is a good website and provides good insight into SSL certificate installation.

The following is the screenshot I got for avast.com:

Avast Not working


SSL Installation is written by Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)


EV SSL Certificate is Best (SSL Certificate Review-III)

Jun 21

Today I am finally going to complete my article about the EV or Extended Validation SSL Certificate:

What is EV SSL Certificate?

The EV, Extended Validation or Green Bar SSL certificate started in 2007 and is currently the most popular and secure SSL certificate. This is because of the process involved in getting an EV SSL certificate: it is one of the toughest processes for getting an SSL certificate. It is not as easy as getting a DV or Domain Vetted SSL certificate.

You have to produce several business documents, domain-related documents and employment-related documents. You have to be registered as an organization; an individual cannot get this SSL certificate.

Qualification of Certificate Authority:

As per the CA/Browser Forum, only qualified CAs can issue EV or Extended Validation certificates. Only Certificate Authorities that pass an independent audit as part of their WebTrust (or equivalent) review can offer Extended Validation SSL certificates.

Qualification to Get Green Bar:

The Green Bar SSL Certificate, as it is commonly known, has many qualification criteria; the following are a few of them:

  • Establish the legal identity as well as the operational and physical presence of website owner;
  • Establish that the applicant is the domain name owner or has exclusive control over the domain name; and
  • Confirm the identity and authority of the individuals acting for the website owner, and that documents pertaining to legal obligations are signed by an authorised officer.

There are many other criteria that an organization has to pass to get a Green Bar SSL Certificate. They depend upon the Certificate Authority.

Benefit of Extended Validation (EV) SSL Certificate:

Why should one get this, and why should one trust it? There are two major benefits of trusting a website with a Green Bar SSL Certificate:

1) An EV SSL certificate tells you that you are providing your important personal or financial details to a legitimate website only.

2) You know that the owner of the website has gone through a highly trusted and secure process to get the SSL certificate.

Though there are many benefits of getting an EV certificate, I am pointing out a couple of known ones:

1) Whether DV, OV or EV, there is not much difference between SSL certificates in technology or encryption, but EV has the advantage.

2) It protects your site visitors from fraud sites and phishing sites.

3) It creates trust among your users that you are who you claim to be: a legitimate provider, not a fraudulent company.

4) The green bar will keep your users away from other websites that have a similar name, e.g. paypal.com and paypal.abc.com: users will notice their mistake and know that they are entering information on the wrong website, which is fake.

What Does a Green Bar SSL Certificate Look Like?

The following images show how EV SSL and non-EV certificates look:

Extended Validation is the most secure certificate because of the process involved in getting it. It is always better to get an SSL certificate for your e-commerce website, and an EV certificate is the best for doing business online. Make your customers secure and create a high level of trust between you and your customers.

EV SSL Certificate Review is written by Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)


SSL Review Part – II

May 15

It's been long, I know. It's been 2 weeks since my last post; I was really busy with office work, but as I said in my last post, I will try to write regularly about security-related things as I come across them. To continue with my last blog post regarding SSL reviews, today I am going to review the Organization Vetted or Organization Verified SSL Certificate, also called the OV SSL Certificate. Different vendors have given it different brand names: Geotrust calls it “True Business ID Certificate”, VeriSign calls it “Secure Site”, and Comodo calls it “Instant SSL Certificate”.

Organization Vetted(OV) SSL Certificate

When SSL certificates were invented, they were issued against verification of all organization documents. As I read somewhere, you have to provide as many documents as when you are opening a new bank account or getting a license to do certain business. This is a medium-trust SSL certificate, not a poorly issued Domain Vetted certificate, which requires only domain-level authentication and gets you an unsafe SSL certificate (Yes, Domain Vetted SSLs are untrusted).

An OV SSL certificate requires business documents, which means the applicant is verified to a certain level. You can trust it because the organization that wants the SSL certificate has been verified, not only the domain.

OV requires certain documents, which are as follows. They may change from vendor to vendor.

1) Domain verification. If privacy protection is not off, the domain is not validated; you need to have privacy protection off.

2) Third-party verification, such as government documents or Yellow Pages.

3) An employee or issuer authorization letter from the organization.

There may be some more documents, but the above are generally requested by SSL certificate vendors. An Organization Vetted SSL certificate generally takes 2 to 3 days to be issued, after which you can install it. This is the general time given by vendors like Geotrust, Comodo, VeriSign, Trustwave, Entrust etc.

SSL certificates are most needed by people who have an e-commerce website, and they are requested when PCI compliance is wanted. SSL certificates will help you secure your clients' data, and the Organization Vetted SSL certificate is one of the best solutions. The solution I like the most is EV or Extended Validation, which requires a very thorough verification of the organization, and that means it is secure. An Organization Vetted SSL certificate helps protect your customers against phishing attacks, but Extended Validation will help you make them trust you more.

I will review Extended Validation soon and will provide you more information.

Written by Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)


SSL Certificate Reviews

Apr 30

SSL Reviews

Guys, it has been 1 month since my last blog post; I was really busy with stuff related to SSL certificates. I was busy with some one. In the past couple of days I have found that there are many SSL certificate reviews.

Most SSL certificate reviews are about brands and the service provided either by the vendor or by their partners. SSL certificates are not reviewed by the forms in which they are available. There are three major kinds of SSL certificate: Domain Vetted (Verified) SSL Certificates (DV SSL Certificates), Organization Vetted (Verified) SSL Certificates (OV SSL Certificates) and Extended Validated SSL Certificates (EV SSL Certificates).

I will review SSL certificates by type, which is a much better way to help you understand which SSL certificate you should trust more:

1) Domain Vetted (Verified) SSL Certificate (DV SSL Certificate):

The most sold SSL certificates are Domain Vetted (Verified) SSL certificates, because they are cheaper and issued within a couple of minutes. They do not require much documentation and anyone can get one. They need only phone verification, or email verification to an address that either belongs to the WHOIS record or is one of the following:

  • admin@domain
  • administrator@domain
  • webmaster@domain
  • hostmaster@domain
  • postmaster@domain
  • Plus any address listed in the technical or administrative contact field of the domain’s WHOIS record, regardless of the addresses’ domains.

Mozilla Firefox does not recommend this practice because it carries a security risk. With many SSL certificate vendors, for example, a person registers a domain for 2 years but gets an SSL certificate for 5 years. What will happen if the domain expires and another person gets that domain, and the person who previously had the domain misuses the existing SSL certificate through DNS spoofing? This is the highest-risk certificate; I personally don't trust DV certificates. There are also DV wildcard certificates. A wildcard SSL certificate can be used for phishing: someone can install an SSL certificate for https://paypal.xyz.com, and you trust this site because it has an SSL certificate and the name of a famous payment gateway. Someone who trusts the SSL certificate would think this is the PayPal site and make a transaction there. Hence, I would not recommend trusting DV SSL certificates, because anyone can get one easily and manipulate internet security.

I will write about Organization Vetted SSL Certificates and Extended Validated SSL Certificates in my next blog post; stay tuned to learn more.

Written by Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)


Comodo RA Compromised

Mar 31

I know it is too late to write about this, but I came to know about it a couple of days ago.

Comodo has confirmed that three registration authorities (RAs) affiliated with the company were compromised by an Iranian hacker to obtain fraudulent SSL certificates for Yahoo, Google, Microsoft and Skype; the compromise was first reported on 23rd March 2011.

The certificate was signed by a third party without sufficient proof of identity and other required information.

The certificates could have been used by a fraudster to create a fake website that was able to bypass a browser’s validity mechanism and appear like the real thing to users.

Comodo has updated its most recent CRL (Certificate Revocation List) to revoke the SSL certificates.

Customers don’t need to do anything since the update is typically loaded automatically. As well, web browsers with the Online Certificate Status Protocol (OCSP) enabled will block the phony certificates from being used. Researcher Jacob Appelbaum first reported the problem to Comodo but withheld disclosure until the certification authority could remediate the issue.

The intruder, calling himself “Comodohacker,” has posted several lengthy documents on the text-sharing site Pastebin, offering up details about the incident. In the latest document, posted Tuesday, the hacker said it was a difficult infiltration that took time.

“From listed resellers of Comodo, I owned 3 of them,” the hacker wrote.

While rogue certificates were quickly revoked, the incident was serious enough to prompt Comodo to institute new controls and for the major web browsers – Mozilla’s Firefox, Microsoft’s Internet Explorer and Google’s Chrome – to issue updates to their browsers last week.

In response to rampant concerns about the trustworthiness of its certificate generation system from customers, browser companies and others in the security community, Comodo’s Alden said the company is in the process of rolling out hardware-based, two-factor authentication for its resellers to ward off attacks in the future.

The process could take several weeks to complete and, in the meantime, Comodo has promised to review all reseller validation work prior to issuing any certificates.

Mozilla, in particular, criticized Comodo for allowing RAs to issue certificates directly from the root that the company maintains, a practice that eliminated some possible attack mitigations. In response, Comodo said it plans to move away from this practice.

