Unauthorized Certificate Authorities Struggle

September 24, 2013 | By Editor 


With a large group of certificate authorities competing in the industry, it is evident that only branded companies and experts who have been in the industry for years are capable of meeting the much-needed baseline requirements. Those who are relatively new to the field and are yet to be officially authorized are finding it hard to meet this baseline, which is important if SSL certificates are to protect consumers as they are supposed to. Billions of transactions are carried out online every day, and only a CA can issue the certificates that encrypt the transferred data to keep it private.

Even a single piece of data leaked to a hacker can lead to devastating results, which is why proper security measures are mandatory. Baseline requirements according to the CAB, or Certificate Authority Browser Forum, include the RSA public key, the SAN extension, the validity period and the OCSP URL.

The public key used for SSL certificates should not be short, because hackers can instantly gain access by breaking the privacy barrier and reading the information within. Decrypting the communication becomes easier when keys are too short, which is why they suggest using only 2048-bit encryption, which fixes these vulnerabilities.

Hackers can hardly gain access through such tight levels of security, and only when longer keys are used is a certificate deemed to meet the baseline requirements suggested by the CAB Forum. The subject common name field should not contain the hostname in which a valid certificate is present. Similarly, when the OCSP URL is missing, the certificate is prone to vulnerability and hackers may instantly enter the network to control the encryption process in their favor.
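As an added illustration of the four baseline items named above (RSA key length, SAN extension, validity period, OCSP URL), the following check is not from the original article; it reads the text that `openssl x509 -noout -text` prints. The function name, finding labels, sample certificates and the `max_days` limit are assumptions made for the example.

```python
import re
from datetime import datetime

FMT = "%b %d %H:%M:%S %Y GMT"  # date format used in openssl's text output

def lint_cert_text(text, min_rsa_bits=2048, max_days=1826):
    """Check `openssl x509 -noout -text` output; return a list of findings.

    max_days is an assumed policy limit (the article gives no number).
    """
    findings = []
    # RSA public key: anything under min_rsa_bits is flagged.
    algo = re.search(r"Public Key Algorithm:\s*(\S+)", text)
    bits = re.search(r"Public[- ]Key:\s*\((\d+) bit\)", text)
    if algo and algo.group(1) == "rsaEncryption":
        if not bits or int(bits.group(1)) < min_rsa_bits:
            findings.append("rsa-key-too-short")
    # SAN extension must be present.
    if "X509v3 Subject Alternative Name:" not in text:
        findings.append("san-missing")
    # Validity period: notAfter - notBefore must not exceed max_days.
    nb = re.search(r"Not Before\s*:\s*(.+)", text)
    na = re.search(r"Not After\s*:\s*(.+)", text)
    if nb and na:
        span = (datetime.strptime(na.group(1).strip(), FMT)
                - datetime.strptime(nb.group(1).strip(), FMT))
        if span.days > max_days:
            findings.append("validity-too-long")
    else:
        findings.append("validity-unreadable")
    # OCSP responder URL in the Authority Information Access extension.
    if not re.search(r"OCSP - URI:\S+", text):
        findings.append("ocsp-url-missing")
    return findings

# Constructed samples: trimmed text output for two made-up certificates.
WEAK = """\
        Validity
            Not Before: Jan  1 00:00:00 2013 GMT
            Not After : Jan  1 00:00:00 2023 GMT
        Subject: CN = shop.example.test
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""
GOOD = WEAK.replace("2023", "2014").replace("1024", "2048") + """\
            X509v3 Subject Alternative Name:
                DNS:shop.example.test
            Authority Information Access:
                OCSP - URI:http://ocsp.example.test
"""
```

Calling `lint_cert_text(WEAK)` reports all four problems, while `lint_cert_text(GOOD)` returns an empty list.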

Non-compliant SSL certificates are being issued by certified authorities who have a strong name in the industry and are considered reliable. In the list released by the official community, even though plenty of known names are listed, Comodo has been considered reliable and certified as one of the most trusted ones available. Others who have drawn complaints for issuing certificates that don't meet baseline requirements include GoDaddy, Symantec and Verizon. They are the most popular players in the field yet have failed to implement these security measures, which declares that only Comodo is the most reliable of them all. The company, with over a decade of experience as a certificate authority and the initiator of the CAB, or Certificate Authority Browser Forum, offers not only fully compliant secure certificates but also products that are extremely affordable for everyone.
