web analytics

SSL Certificate Reviews

Apr 30

SSL Reviews

Guys, it has been 1 months since my last blog post was really busy with stuff related SSL Certificate. I was busy with some one. In past couple of days I have found that there are many SSL Certificate Reviews.

Most of SSL Certificate Reviews are regarding brands and service provided either by vendor or their partners. SSL Certificates are not reviewed as they are available forms. There are major three SSL Certificate Domain Vetted(Verified) SSL Certificate (DV SSL Certificates), Organization Vetted(Verified) SSL Certificates (OV SSL Certificates) and Extended Validated SSL Certificate (EV SSL Certificates).

I will review SSL Certificates as their type would be much better to make you understand what SSL Certificate you should trust more:

1) Domain Vetted(Verified)( SSL Certificate (DV SSL Certificate) :

Most sold SSL Certificates are Domain Vetted (Verified) SSL Certificate. Because it is cheaper and issued within couple of minutes. Does not require much documentation and anyone can get it. Need only phone verification or email verification to email which either belongs to whois or email address as following :

  • admin@domain
  • administrator@domain
  • webmaster@domain
  • hostmaster@domain
  • postmaster@domain
  • Plus any address listed in the technical or administrative contact field of the domain’s WHOIS record, regardless of the addresses’ domains.

Mozilla Firefox is not recommending this practice because this has security risk on this. Many SSL Certificate vendor uses for example person register domain for 2 years but gets SSL Certificate for 5 years. What will happen if domain expires and another person get that domain and person who had domain and uses existing SSL Certificate to misuse it using DNS spoofing. This is highest risk certificate, I personally don’t trust DV certificates. There is DV wildcard certificate. WildCard SSL Certificate can be used for phishing. Someone can use WildCard SSL certificate for phishing attack, like installing SSL Certificate for https://paypal.xyz.com and you trust this site as it has SSL Certificate and famous payment gateway. One who trust SSL Certificate would think this is Paypal site and will do transaction there. Hence, I would not recommend to trust DV SSL Certificate because one can get SSL Certificate easily and can manipulate with internet security.

I will write about Organization Vetted SSL Certificate and Extended Validated SSL Certificate in my next blog post stay tuned to learn more about the same.

Write is Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)

Enhanced by Zemanta
Read More

Comodo RA Compromised

Mar 31

I know it is too late to write about this but I came to know about this couple of days ago.

Comodo has confirmed that three registration authorities (RAs) affiliated with the company were compromised first reported on 23rd March 2011 by Iranian hacker to get fraud SSL Certificate for yahoo, google, Microsoft and Skype.

The Certificate was signed by third party without sufficient proof of identity and other information required.

The certificates could have been used by a fraudster to create a fake website that was able to bypass a browser’s validity mechanism and appear like the real thing to users.

Comodo has updated their most recent CRL (Certificate Revocation List) with removal of SSL Certificate.

Customers don’t need to do anything since the update is typically loaded automatically. As well, web browsers with the Online Certificate Status Protocol (OCSP) enabled will block the phony certificates from being used. Researcher Jacob Appelbaum first reported the problem to Comodo but withheld disclosure until the certification authority could remediate the issue.

The intruder, calling himself “Comodohacker,” has posted several lengthy documents on the text-sharing site Pastebin, offering up details about the incident. In the latest document, posted Tuesday, the hacker said it was a difficult infiltration that took time.

“From listed resellers of Comodo, I owned 3 of them,” the hacker wrote.

While rogue certificates were quickly revoked, the incident was serious enough to prompt Comodo to institute new controls and for the major web browsers – Mozilla’s Firefox, Microsoft’s Internet Explorer and Google’s Chrome – to issue updates to their browsers last week.

In response to rampant concerns about the trustworthiness of its certificate generation system from customers, browser companies and others in the security community, Comodo’s Alden said the company is in the process of rolling out hardware-based, two-factor authentication for its resellers to ward off attacks in the future.

The process could take several weeks to complete and, in the meantime, Comodo has promised to review all reseller validation work prior to issuing any certificates.

Mozilla, in particular, criticized Comodo for allowing RAs to issue certificates directly from the root that the company maintains, a practice that eliminated some possible attack mitigations. In response, Comodo said it plans to move away from this practice.

 

Read More

SSL Tools Website Part – II

Mar 04

SSL tools website part – II

After yesterday’s update about tools by ssltool.com. I am putting other tools details which would help you a lot with SSL Certificates and checking security of your SSL Certificate.

7) self-signed certificate generator (http://ssltool.com/?action=ssGenerate)

Do you want to generate self sign certificate? Here you go? this is great tool to generate self sign certificate for newbies who don’t want to run openssl commands to generate Self Sign Certificate. You can help self sign certificate in couple of minutes.

8) certificate and key match checker (http://ssltool.com/?action=modMatcher)

Check your Certificate key match. Certificate you got from your certificate vendor and key you have on your server this would be great to check Certificate before you installing it.

9) certificate root store list (http://ssltool.com/?action=certList)

Update Certificate root list in your server computer or check latest available root certificates available many of webservers still uses old certificate roots. which may cause problems.

SSLTools.com

Another good website I just came across ssltools.com. It allows you to check your CSR and Certificate. It is simple yet useful website which would help you to consider other option available to check your CSR.

There are many other SSL Related tools available. I will review other websites as well and update you about it. Till that time Happy Security..

Write Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)

Enhanced by Zemanta
Read More

SSL Testing Websites and Tools

Feb 25

SSL Testing WebSites.

In past couple of months I have come across many websites which helped me a lot to test and check SSL Installation and CSR. I would like to share the same with you.  There are many sites but today I am sharing with you special website which I think helped me a lot with SSL/TLS Testing and CSR testing.  List of websites are as below. I will later share features which I used on these websites and other information

1) SSLTools.com

2) redkestrel.co.uk

3) SSLshopper.com

4) secure.comodo.net/utilities/

-> 1) SSLTools.com

 

This is very great website I came across in past couple of months. It has great tools are available on this website. Following are description for the same:

1) CSR Decoder (http://ssltool.com/?action=csrDecodeOpenSSL)

CSR Decoder is great tool to check your CSR and verify that information you have filled in is correct and will be shown when you have your certificate from vendors.

2) SSL Certificate Checker (http://ssltool.com/?action=sslCheckOpenSSL)

Have you installed your certificate and want to check it. Here is another great tool to help you with SSL Certificate. It provides immanence information about SSL Certificate and will be very helpful after SSL Certificate installation.

3) OpenSSL S_client connector (http://ssltool.com/?action=sslCheckRawOpenSSL)

Great tool to help you to check the latest about SSL Certificate using OpenSSL s_client option. This tool provide you information like certificate details, CA authority and other stuff.

4) openssl s_client connector with full certificate output (http://ssltool.com/?action=sslCheckRawCertsOpenSSL)

Do you want more information about Certificate with this tool it will be great for you to understand SSL Certificate you have installed on your web server.

5) SSL Certificate Decoder (http://ssltool.com/?action=sslCertDecodeOpenSSL)

Do you have certificate you received from Vendor. Paste it at above URL and you will get all information you want for SSL Certificate  you are going to install on your server before you install it on server.

6) CSR Generator (http://ssltool.com/?action=csrGenerate)

Do you want to generate your own CSR. This tool will help you to generate one CSR for your SSL Certificate.

I will share other options available on SSLTool.com with you and my option about other website at next blog soon.

Write Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)

Enhanced by Zemanta
Read More

Venafi Survey: 78% of Organizations Experienced Downtime Due to Mismanaged Encryption This Year

Jan 21

View the original article here

Read More