SSL Installation

Jul 07

SSL Installation goes right and SSL Installation Goes wrong. Couple of days ago, when I tried to go to www.avast.com, I have found that they have directed all traffic to https://www.avast.com.

I have tried to browse couple of pages and get free Anti-virus for me but I found that something tribally goes wrong with their implementation of SSL certificate.

Each page I have tried to access getting above message. This can be because wrong configuration of SSL Certificate.

SSL Certificate Installation is easy but it requires you to choose each step confidently and check installation before your site goes to public.  This kind of installation would not help anyone. SSL Certificate provides you best option to secure your customer’s data but it requires a lot of efforts to for installation and maintenance.

SSL Installation is crucial part of web security. It requires you to check correct cipher as well as correct Installation. Make sure that your SSL is Install properly before making live. If you are having any images or link without HTTPS, your user would get error message while browsing website.

Internet Explorer will display error message stating that some content on URL is not secured.

Firefox will not show Padlock or Blue Bar or Green Bar Properly.


Google Chrome will show Red Sign with Crossed line on it to notify users that there is some non-secure content on page.

There is huge amount of documents are available from various vendors to check your SSL Certificate. I have came across one such website that is http://www.whynopadlock.com/ this is good website and provide good inside information about SSL Certificate installation.

Following is screenshot I got for avast.com

Avast Not working

Avast Not working

SSL Instalaltion  is writen is Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)

Read More

EV SSL Certificate is Best (SSL Certificate Review-III)

Jun 21

Today I finally going to complete my article about EV or Extended Validated SSL Certificate:

What is EV SSL Certificate?

EV or Extended Validation or Green Bar SSL certificate is started in 2007 is currently most popular and secure SSL Certificate. It is because of process involve in getting EV SSL Certificate. It is one of the toughest process to get SSL Certificate. It not as easy as DV or Domain Vetted SSL Certificate .

You have to produce several business documents, Domain Related documents, Employments related documents. You have to be registered as organization only not individual cannot get this SSL Certificate.

Qualification of Certificate Authority:

As per CABrowser forum only qualified CAs can issue EV or Extended Validation certificate. Certificate Authority who pass an independent audit as part of their WebTrust (or equivalent) review can only offer Extended Validation SSL Certificate.

Qualification to Get Green Bar:

As commonly known Green Bar SSL Certificate requires many qualification criteria but following are couple of them:

  • Establish the legal identity as well as the operational and physical presence of website owner;
  • Establish that the applicant is the domain name owner or has exclusive control over the domain name; and
  • Confirm the identity and authority of the individuals acting for the website owner, and that documents pertaining to legal obligations are signed by an authorised officer.

There are many other criteria which requires any organization to pass to get Green Bar SSL Certificate. It depends upon Certificate Authority.

Benefit of Extended Validation (EV) SSL Certificate:

why one should get this and why one should trust this? There are two major benefit of trusting Green Bar SSL Certificate website

1) EV SSL Certificate notifies you that you are providing your important personal or financial details at legitimate website only.

2) You can know that owner of website have gone through process which is highly trusted and secured to get SSL Certificate.

Though, there are many benefits to get EV  Certificate but I am pointing to couple of known benefits:

1) DV, OV or EV there is not much technological or encryption wise different in SSL Certificate but EV has better advantage

2) Prevent your site visitors from fraud sites or phishing sites

3) Create trust in between your users that you are claiming what you are. You are legitimate provider not fraud company.

4) Green Bar will prevent your user to know to any other websites which has similar name e.g. paypal.com and paypal.abc.com user will know their mistake and know that they are putting information at wrong website which is fake.

How Green Bar SSL Certificate Looks Like?

Following are couple of images how SSL and non-EV Certificate looks like:

Extended Validation most secure certificate because of process it involves while getting SSL Certificate. It is always better to get SSL Certificate for your e-commerce website and EV Certificate is the best to do the business online. Make your customer secure and create high value of trust between you and your customer.

EV SSL Ceritficate Review is writen is Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com,  MCITP, MCSE, MCSA)

Read More

SSL Review Part – II

May 15

Its been long I know, Its been 2 weeks since my last post was really busy with office work but as I said in my last post. I will try to write regularly about Security related things as I come across. To continue with my last blog post regarding SSL Review. Today, I am going to review Organization Vetted or Organization Verified SSL Certificate also called as OV SSL Certificate. Different vendors given it different brand name like Geotrust calls it as “True Business ID Certificate” while VeriSign calls it “Secure Site” or Comodo’s “Instant SSL Certificate” all vendors have given it different names.

Organization Vetted(OV) SSL Certificate

When SSL Certificate invented, they were issued against verification all organization documents.  As I read somewhere you have to provide as many documents as you are opening new back account or getting license to do certain business. This is medium trusted SSL Certificate not poorly issued Domain Vetted Certificate which requires only domain level authentication to get you unsafe SSL Certificate (Yes, Domain Vetted SSLs are untrusted).

OV SSL Certificate requires business documents and that means they are verified at certain level and you can trust them because it has verified organization which wants SSL Certificate not only domain level verification.

OV Requires certain documents which are as following. They may change Vendor to vendor.

1) Domain Verification if privacy protection is not that is not validated. You need to have privacy protection off

2) Third Party verification like Government Documents or Yello pages

3) Employee or issuer authorization letter by Organization.

There may be some more documents but above are generally requested by SSL Certificate vendors. organization vetted SSL Certificate generally takes 2 to 3 days to issue and you can install. This is general time given by vendors like Geotrust, Comodo, VeriSign, Trustwave, Entrust etc.

SSL Certificate are most required for person having e-commerce website and they are requested when they want PCI Compliance. SSL Certificates will help you to secure your clients data and Organization Vetted SSL Certificate is one of the best solution. The Best Solution which I like the most is EV or Extended Validation process which requires very high verification process or organization and that means it is secure. Organization Vetted SSL Certificate helps your customers to prevent against phishing attacks but Extended Validation will help you to make them to trust you more.

I will review Extended Validation soon and will provide you more information.

Write is Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)

Read More

SSL Certificate Reviews

Apr 30

SSL Reviews

Guys, it has been 1 months since my last blog post was really busy with stuff related SSL Certificate. I was busy with some one. In past couple of days I have found that there are many SSL Certificate Reviews.

Most of SSL Certificate Reviews are regarding brands and service provided either by vendor or their partners. SSL Certificates are not reviewed as they are available forms. There are major three SSL Certificate Domain Vetted(Verified) SSL Certificate (DV SSL Certificates), Organization Vetted(Verified) SSL Certificates (OV SSL Certificates) and Extended Validated SSL Certificate (EV SSL Certificates).

I will review SSL Certificates as their type would be much better to make you understand what SSL Certificate you should trust more:

1) Domain Vetted(Verified)( SSL Certificate (DV SSL Certificate) :

Most sold SSL Certificates are Domain Vetted (Verified) SSL Certificate. Because it is cheaper and issued within couple of minutes. Does not require much documentation and anyone can get it. Need only phone verification or email verification to email which either belongs to whois or email address as following :

  • admin@domain
  • administrator@domain
  • webmaster@domain
  • hostmaster@domain
  • postmaster@domain
  • Plus any address listed in the technical or administrative contact field of the domain’s WHOIS record, regardless of the addresses’ domains.

Mozilla Firefox is not recommending this practice because this has security risk on this. Many SSL Certificate vendor uses for example person register domain for 2 years but gets SSL Certificate for 5 years. What will happen if domain expires and another person get that domain and person who had domain and uses existing SSL Certificate to misuse it using DNS spoofing. This is highest risk certificate, I personally don’t trust DV certificates. There is DV wildcard certificate. WildCard SSL Certificate can be used for phishing. Someone can use WildCard SSL certificate for phishing attack, like installing SSL Certificate for https://paypal.xyz.com and you trust this site as it has SSL Certificate and famous payment gateway. One who trust SSL Certificate would think this is Paypal site and will do transaction there. Hence, I would not recommend to trust DV SSL Certificate because one can get SSL Certificate easily and can manipulate with internet security.

I will write about Organization Vetted SSL Certificate and Extended Validated SSL Certificate in my next blog post stay tuned to learn more about the same.

Write is Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)

Enhanced by Zemanta
Read More

Comodo RA Compromised

Mar 31

I know it is too late to write about this but I came to know about this couple of days ago.

Comodo has confirmed that three registration authorities (RAs) affiliated with the company were compromised first reported on 23rd March 2011 by Iranian hacker to get fraud SSL Certificate for yahoo, google, Microsoft and Skype.

The Certificate was signed by third party without sufficient proof of identity and other information required.

The certificates could have been used by a fraudster to create a fake website that was able to bypass a browser’s validity mechanism and appear like the real thing to users.

Comodo has updated their most recent CRL (Certificate Revocation List) with removal of SSL Certificate.

Customers don’t need to do anything since the update is typically loaded automatically. As well, web browsers with the Online Certificate Status Protocol (OCSP) enabled will block the phony certificates from being used. Researcher Jacob Appelbaum first reported the problem to Comodo but withheld disclosure until the certification authority could remediate the issue.

The intruder, calling himself “Comodohacker,” has posted several lengthy documents on the text-sharing site Pastebin, offering up details about the incident. In the latest document, posted Tuesday, the hacker said it was a difficult infiltration that took time.

“From listed resellers of Comodo, I owned 3 of them,” the hacker wrote.

While rogue certificates were quickly revoked, the incident was serious enough to prompt Comodo to institute new controls and for the major web browsers – Mozilla’s Firefox, Microsoft’s Internet Explorer and Google’s Chrome – to issue updates to their browsers last week.

In response to rampant concerns about the trustworthiness of its certificate generation system from customers, browser companies and others in the security community, Comodo’s Alden said the company is in the process of rolling out hardware-based, two-factor authentication for its resellers to ward off attacks in the future.

The process could take several weeks to complete and, in the meantime, Comodo has promised to review all reseller validation work prior to issuing any certificates.

Mozilla, in particular, criticized Comodo for allowing RAs to issue certificates directly from the root that the company maintains, a practice that eliminated some possible attack mitigations. In response, Comodo said it plans to move away from this practice.

 

Read More

SSL Tools Website Part – II

Mar 04

SSL tools website part – II

After yesterday’s update about tools by ssltool.com. I am putting other tools details which would help you a lot with SSL Certificates and checking security of your SSL Certificate.

7) self-signed certificate generator (http://ssltool.com/?action=ssGenerate)

Do you want to generate self sign certificate? Here you go? this is great tool to generate self sign certificate for newbies who don’t want to run openssl commands to generate Self Sign Certificate. You can help self sign certificate in couple of minutes.

8) certificate and key match checker (http://ssltool.com/?action=modMatcher)

Check your Certificate key match. Certificate you got from your certificate vendor and key you have on your server this would be great to check Certificate before you installing it.

9) certificate root store list (http://ssltool.com/?action=certList)

Update Certificate root list in your server computer or check latest available root certificates available many of webservers still uses old certificate roots. which may cause problems.

SSLTools.com

Another good website I just came across ssltools.com. It allows you to check your CSR and Certificate. It is simple yet useful website which would help you to consider other option available to check your CSR.

There are many other SSL Related tools available. I will review other websites as well and update you about it. Till that time Happy Security..

Write Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)

Enhanced by Zemanta
Read More

SSL Testing Websites and Tools

Feb 25

SSL Testing WebSites.

In past couple of months I have come across many websites which helped me a lot to test and check SSL Installation and CSR. I would like to share the same with you.  There are many sites but today I am sharing with you special website which I think helped me a lot with SSL/TLS Testing and CSR testing.  List of websites are as below. I will later share features which I used on these websites and other information

1) SSLTools.com

2) redkestrel.co.uk

3) SSLshopper.com

4) secure.comodo.net/utilities/

-> 1) SSLTools.com

 

This is very great website I came across in past couple of months. It has great tools are available on this website. Following are description for the same:

1) CSR Decoder (http://ssltool.com/?action=csrDecodeOpenSSL)

CSR Decoder is great tool to check your CSR and verify that information you have filled in is correct and will be shown when you have your certificate from vendors.

2) SSL Certificate Checker (http://ssltool.com/?action=sslCheckOpenSSL)

Have you installed your certificate and want to check it. Here is another great tool to help you with SSL Certificate. It provides immanence information about SSL Certificate and will be very helpful after SSL Certificate installation.

3) OpenSSL S_client connector (http://ssltool.com/?action=sslCheckRawOpenSSL)

Great tool to help you to check the latest about SSL Certificate using OpenSSL s_client option. This tool provide you information like certificate details, CA authority and other stuff.

4) openssl s_client connector with full certificate output (http://ssltool.com/?action=sslCheckRawCertsOpenSSL)

Do you want more information about Certificate with this tool it will be great for you to understand SSL Certificate you have installed on your web server.

5) SSL Certificate Decoder (http://ssltool.com/?action=sslCertDecodeOpenSSL)

Do you have certificate you received from Vendor. Paste it at above URL and you will get all information you want for SSL Certificate  you are going to install on your server before you install it on server.

6) CSR Generator (http://ssltool.com/?action=csrGenerate)

Do you want to generate your own CSR. This tool will help you to generate one CSR for your SSL Certificate.

I will share other options available on SSLTool.com with you and my option about other website at next blog soon.

Write Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)

Enhanced by Zemanta
Read More