SSL Certificate

3-Year SSL Certificates will go Extinct on March 1, 2018

The new maximum validity is now 27 months

Starting on March 1, 2018, you will no longer be able to purchase 3-year SSL certificates. This wasn’t our decision; it was made by the CA/Browser Forum.

If you’ve never heard of the CA/B Forum before, that’s OK. Not many people have. It serves as the de facto regulatory body for digital certificates. That sounds a whole lot cooler than it really is. In reality, 95% of the time it’s just a bunch of nerds arguing about by-laws. Occasionally they meet in person, which leaves whatever conference space they’re in smelling like condescension and Clearasil.

But the other 5% of the time they make decisions that affect the entire industry. Like continuing to shorten the maximum validity period for SSL certificates. There was a time, back when the SSL industry was like the Wild West [Editor’s Note: Sorry, Carl has been on a Cowboy kick lately] that you could even get a five-year certificate.

But certificate lifespan is actually one of the only places where, in terms of size mattering, shorter is better.

Why Are Shorter SSL Certificate Validity Periods Better?

Technology changes frequently; it’s always advancing. So having a five or even a three-year certificate means you’re going to be going 3-5 years between updating your ciphers with stronger encryption. Case in point, a five-year-old certificate would still be using SHA-1. SHA-1 was deprecated a couple of years ago and then last year Google spent considerable resources to create a SHA-1 collision, which underscored the need to move to SHA-2.

With a three year certificate, some users would be going three years between updates. That’s never a good idea.

Beyond that, certificate authorities need to re-validate you regularly so that you can continue to be trusted. It’s not unlike how you occasionally have to go back to the DMV to update the information on your driver’s license. Or at least you’re supposed to.

At any rate, your validation information is only good for 825 days. If it’s been longer than that you’ll have to pass validation again.

Explain this to me like I’m five, Carl

Ok, here goes:

  • Starting March 1, 2018, you can no longer purchase 3-year SSL certificates.
  • RapidSSLonline.com will stop selling 3-year SSL certificates on February 20.
  • Shorter lifespans allow for more up-to-date algorithms and ciphers.
  • CAs can only use validation information for 27 months (825 days)
  • If it’s been longer than 825 days since your last validation, you will have to go through it again
  • If you purchase a 3-year certificate before the deadline and have to reissue it for any reason, it will revert to a two-year certificate and you will lose any remaining time beyond 825 days.

Stay cautious, my friends.

If you’re still serving your site over HTTP, Google hates you

Starting in July all unencrypted web pages will be given a “Not Secure” indicator

If you haven’t installed an SSL certificate on your website, then you’re running out of time. Over the past couple of years, Google (and Mozilla) have been pushing HTTPS in a variety of ways.


Solve it Yourself: Your Certificate Is Not Trusted Error

SSL Certificate Not Trusted Error – Troubleshooting common SSL certificate mistakes

You’ve gone through all the trouble of researching what SSL certificate to purchase, you’ve been validated, gotten it issued and even installed it on your server. But now you’re receiving an error message, “Your SSL Certificate is not trusted.”

How to Check your SSL Certificate Details in all Major Browsers

View SSL certificate in Chrome, Firefox, Safari & Edge/IE

Sometimes it’s important to read the label. Like before you purchase food at the supermarket or after you’ve already downed half-a-dozen pills. On the internet, things are no different. Sometimes when you arrive at a website it’s good to read the label.

How to Protect Your iPhone from Hackers

The steps you need to take to keep your iPhone safe

There was a time when “keeping your phone safe” just meant avoiding water, possibly sandy areas and above all else not accidentally stepping on it. That’s because back then our phones were just phones. If you wanted to send a text message you had to tap it out on a number pad. We made emojis the old-fashioned way—with bits of punctuation. And we weren’t just snapshooting each other pics of our diddly bits all willy-nilly. [Editor’s Note: Hell of a sentence, Carl]

But that was then, this is now. And water damage is no longer the biggest threat to your cell phone. Hackers are? I guess?

So today I’m going to teach you how to protect your iPhone against hackers. No matter the fact that I think this fear is mostly born from a millennial misperception where people think they’re more interesting than they actually are. And that most of us will probably never have to worry about having our phones hacked and our nudes leaked across the internet like Jennifer Lawrence. [Editor’s Note: This is exactly why we DIDN’T ask your opinion on it]

Here’s how to protect your iPhone from Hackers

Keep your iOS up to date

Look, I get it. Those prompts that your cell phone gives you about needing to update are annoying. And it can totally take like, an hour, to finish sometimes. Just remember those lame excuses if you get hacked because your OS isn’t up to date. Apple pushes these updates for a reason. Sure, sometimes they add new features and re-arrange things, but they’re also the only way to forward along crucial security updates. Bugs and vulnerabilities get found, patched, updates get pushed.

If you’re not updating, and promptly, you’re leaving yourself vulnerable.

Activate Find My iPhone

This is pretty much a default setting nowadays, and you may be wondering how an app that gives your phone’s location away may be helpful. Here’s how: if you ever lose your iPhone you can log on from a third-party device and wipe the contents of your phone. That’s a nice tool to have in your back pocket. Also, if you’re really that worried about someone getting your location you probably have bigger fish to fry.

Pick a Stronger Password

The four-digit PIN you use to open your phone is woefully insecure. I have a one in 10,000 chance of guessing it the first time I try. Upping the ante to a six-digit PIN helps a little, but the best way to go is with a passphrase that lets you use letters, numbers, and symbols. That really increases the level of difficulty it takes to get into your phone. To change from a PIN to a passphrase, open the Settings app and go to General > Touch ID and Passcode > Change Passcode, tap ‘Passcode options’ and select ‘Custom Alphanumeric Code.’

Activate Auto-Wipe

Unless you’re a drunk or have Parkinson’s [Editor’s Note: Carl…] If you can competently type your password within ten attempts then this next bit of advice is for you. If you scroll to the bottom of the Touch ID & Passcode section in Settings, you can toggle on “Erase Data.” Now, if anyone attempts to access your phone unsuccessfully more than ten times, your phone will completely wipe itself, rendering it useless to the hamfisted hacker. Of course, I wouldn’t advise this if you have young kids that play with your phone or are just clumsy.

Revoke App Permissions

If you’re like me then you pay absolutely no attention to what apps are asking to access what parts of your phone. That’s a huge mistake. Apparently, this is something we should be paying much closer attention to. While it is against Apple’s privacy policy for apps to collect personal information on you, sometimes things slip between the cracks. And when that happens, it’s better to be safe than sorry. So make sure you’re keeping an eye on what apps can access what and that you’re revoking permissions where necessary.

Disable Siri

Siri is cool, if you still need to be talking to your phone when there’s nobody on the other end. But there are also some potential pitfalls associated with the virtual assistant. Namely, she can provide hackers with your personal data. Granted, she usually asks you for verification before granting access to your contacts or other parts of your phone, but some have found ways to use Siri to work around the password screen. Fortunately, disabling Siri is pretty easy: just head to Settings > Touch ID and Passcode and then toggle off “allow access when locked.”

Turn Off AutoFill

AutoFill is great because who wants to remember passwords. Just log in once, let Safari remember and you’re good to go from here on out. Right? Wrong. If a hacker gains access to your phone, AutoFill contains the login information to all your accounts, all in one easy-to-access place. Don’t let this happen. Head to Settings > Safari > AutoFill and then toggle that bad boy off.

These are just a few tips to help you better secure your device from hackers. But you still have to use common sense. Opening random email attachments, following unknown links and exercising what is just generally bad behavior is still a good way to run into trouble, even if you’ve followed these other steps.

So be smart.

Stay Cautious, My Friends.

How to Enable an SSL Certificate on iPhone or iPad

Enable and view SSL certificates on an iPhone or iPad

Do you need to know how to enable SSL on your iPhone or iPad’s email accounts? You do! Good! Because I have a way to solve that exact problem.

Why am I armed with this knowledge? Well, because I was told to research it. So I went and purchased a new-fangled iPhone and an iPad and tinkered with it until I figured it out. No, that’s not true. I asked one of our systems applications specialists and he gave me a long answer that I will now attempt to relate to you in my charming, witty prose.

So, let’s start with how to enable SSL on an incoming mail server.

Enabling SSL on an incoming mail server

  • Start by going to Settings, it’s the little gray icon with some gears on it.
  • Click on “Mail, Contacts, Calendars.”
  • Choose the email account you’ll be securing.
  • Tap the email address listed beside “Account.”
  • Select “Advanced.”
  • Scroll down to “Use SSL,” it will be in the “Incoming Settings” section.
    • Note: If using IMAP, select Server Port 993, for POP use 995.

And that does it. Next let’s discuss how to enable SSL on an outgoing mail server.

Enabling SSL on an outgoing mail server

  • Start by going to “Settings.”
  • Click on “Mail, Contacts, Calendars.”
  • Select the Email Account you’ll be securing.
  • Click SMTP under “Outgoing Mail Server.”
  • Tap the primary server where the domain server name is assigned.
  • Enable “Use SSL.”
  • Set the Server Port to 465.
  • Tap Done.
  • Restart

And that’s that. Simple isn’t it?

Join me next week when I’ll talk about how to secure your iPhone.

Stay Cautious, My Friends

Certificate Authority Reviews for Better SSL Security Solutions

Carl reviews trusted certificate authorities to help you decide on the right one

Picking the best certificate authority can be a difficult choice. Different brands are aimed at different demographics and you may not fit neatly into one. Maybe you’re a small business owner with six different companies. Maybe you’re an Enterprise but you just have a single website. Maybe you’re a yeti.

It doesn’t matter, I’m going to give you a rundown of the top CAs and help you decide for yourself which Certificate Authority is right for you.

Factors to Consider when Choosing a CA

There’s a range of factors for you to consider when choosing CAs. Before I review any, I’d like to cover the criteria I’m using to evaluate.

Pricepoint

Different CAs come in at different price points. You have Symantec on one end offering premium products at premium prices. All the way on the other end you have Let’s Encrypt, which will give a free SSL certificate to anyone. Literally anyone.

Range of Offerings

What types of certificates does the CA sell? Is it limited to just a single validation level? Do they offer wildcards? What about EV? Multi-Domain? This all matters and some CAs have broader offerings than others.

Reputation

The reputation of your CA may or may not matter to you. On one hand, if you go with a top CA like Symantec you get the brand recognition that comes with deploying the Norton Secure site seal. Other CAs lack that quality.

Reliability

How long has this CA been around? Has it faced regular punitive action from the CA/B Forum? Can you trust that this CA will still be trusted next year? You need to pick a reliable CA.

Warranties

Does the CA back its products with substantial warranties or are you getting the bare minimum in protection? Some CAs offer as much as a $2 million warranty. Others offer nothing.

Reviewing Trusted Certificate Authorities

Let’s take a look at the top CAs and try to decide what’s right for you.

Symantec

Symantec is the biggest player in the SSL industry in terms of name recognition and reputation. The Norton Secured seal that comes with every Symantec product has been proven as the most recognizable symbol on the internet. With Symantec you enjoy premium products at premium prices.

GeoTrust

GeoTrust is a business-minded CA with business-class solutions across every validation level and certificate type. GeoTrust has been around over a decade and has over 150,000 clients around the world. GeoTrust is owned by Symantec and is one step down its value ladder.

Thawte

Thawte enjoys a tremendous international reputation as the first CA to issue for internationalized domain names. Today Thawte has customers in over 180 countries and provides support throughout the Global workday. Thawte is a Symantec sub-brand.

RapidSSL

Rounding out the Symantec family is RapidSSL, the fastest issued DV certificates on the market. Thanks to its completely automated issuance process you can order a RapidSSL certificate and have it emailed to you within seconds. RapidSSL is perfect for small websites and companies that need gap coverage between higher-value certificates. A complete RapidSSL review will give you the perfect picture about RapidSSL CA.

How to Generate a CSR Using Apache OpenSSL

Step-by-step instructions for creating a Certificate Signing Request and Private Key

Need help creating a Certificate Signing Request (CSR) using OpenSSL commands on Apache? Good! You’ve come to the right place. A year ago, I probably couldn’t have helped you answer this question but good ol’ Carl has learned a thing or two about SSL certificates, CSRs and hopefully even something about Apache servers—or else this last part might be kind of tough.

Let’s start with your CSR. A Certificate Signing Request acts as sort of a de facto application for your certificate. The Certificate Authority that’s issuing the certificate will use the information contained in the CSR to fill out the certificate. That’s why it’s critical that every piece of information you put in your CSR is accurate. Any problem, even the tiniest grammatical miscalculation, can have catastrophic effects.

Ok, so maybe not like end-of-the-world catastrophic. I just like a little bit of hyperbole. It’s more of a “this was a waste of my time” disaster. So that’s my preface when you fill this CSR out, get it right. There’s nothing worse than having to do it all over again.

How to Generate a CSR Using Apache OpenSSL

For starters, you’ll need SSH access to the server with root-level permissions in order to generate your CSR and Private Key.

  1. Using PuTTY, connect to the Apache server over SSH and log in as root. Type the command below when prompted:
     openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
  2. The command should create two new files: a private key and a CSR. Keep a copy of your private key secure and then complete the CSR.

Note: The private key is thusly named because it needs to be kept safely. A compromised private key means a compromised SSL certificate.

You are now going to be asked to give some specific information:

  • Country Name (2 letter code) [XX]:
  • State or Province Name (full name) []:
  • Locality Name (city) [Default City]:
  • Organization Name (company) [Default Company Ltd]:
  • Organizational Unit Name (department, division) []:
  • Common Name (your name or your server’s hostname) []:
  • Email Address []:

Congratulations! After filling out the required fields, your CSR will be saved and is now ready for the CA.
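
A scripted form of the procedure above, added here as an example (not code from the original post): it generates the key and CSR without prompts, then checks the subject the CA will read, the CSR's self-signature, that the key and CSR belong together, and that the key file is not readable by other users. The domain, subject values and function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: scripted CSR generation plus the checks worth running before
# submitting it. example.com, Example Ltd and the subject values are placeholders.

# make_csr DOMAIN DIR: writes DIR/DOMAIN.key and DIR/DOMAIN.csr without prompts.
make_csr() {
    # -subj carries the same fields as the interactive prompts (C, ST, L, O, OU, CN).
    subj="/C=US/ST=Florida/L=Tampa/O=Example Ltd/OU=IT/CN=$1"
    # Subshell + umask 077: the key is never group- or world-readable, even briefly.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$2/$1.key" -out "$2/$1.csr" -subj "$subj" 2>/dev/null )
}

# csr_subject CSR: print the subject exactly as the CA will read it.
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# csr_signature_ok CSR: succeed only if the CSR's self-signature verifies.
# The printed message is matched rather than relying on the exit status alone.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# key_matches_csr KEY CSR: succeed only if the CSR was made from this private key.
key_matches_csr() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl req -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# key_is_private KEY: succeed only if group and other have no permissions on the key.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_csr example.com "$demo_dir"
csr_subject "$demo_dir/example.com.csr"
csr_signature_ok "$demo_dir/example.com.csr" && echo "CSR signature: OK"
key_matches_csr "$demo_dir/example.com.key" "$demo_dir/example.com.csr" && echo "key/CSR pair: OK"
key_is_private "$demo_dir/example.com.key" && echo "key permissions: OK"
rm -rf "$demo_dir"
```

Reading the subject back before submitting catches a mistyped field while it is still cheap to regenerate the CSR.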

The Mega Guide on SSL Certificates for Best Encryption Knowledge

Everything you need to know about SSL, encryption, and HTTPS

So, a while back I’m sitting at my desk and I get an email from this fellow on our Search Engine Optimization team. Sometimes the SEO team sends me suggestions on what to write. This particular piece of electronic mail suggested I work on “The Mega Guide on SSL Certificates for Best Encryption Knowledge.”