Contact us at |

SSL Dragon Blog - Industry News

OV Code Signing Certificates to be Issued on Real Devices

OV Code Signing certificates are to software developers like SSL certificates are to a website. Without them, the publisher remains unknown, while the code is highly susceptible to cyber-attacks. As is with any PKI product, protecting Code signing keys is essential. But just like with regular SSL certs, sometimes the keys fall into the wrong [...]

Microsoft 365 services to replace Root Certificate in 2025

Root SSL certificates are at the core of the SSL chain of trust. Certificate Authorities use them to issue server certificates to end-users. Browsers and apps include root certs in their installation pack and can swiftly revoke them during security incidents. CAs replace root certificates well in advance before they expire. Certificate Authorities store the [...]

Apple and Meta Caught in a Data Leak Blunder

Apple and Meta are two companies you least expect to be scammed. But it's not the first time Big Tech giants are making the headlines for the wrong reasons. This time, hackers pretending to be law enforcement officials obtained customer data from the two powerhouses. The same group has also targeted Snap Inc and the [...]

Organizational Unit Fields to be Removed from SSL Certificates

Since the introduction of SSL by Netscape in 1994, digital certificates have grown along with the entire Web. Through trials and errors, innovations, and adjustments, the SSL certificates have been constantly refined to meet the most rigorous security needs. The reduction of SSL validity to just one year and the removal of the green address [...]

Firefox SSL Error Makes Unaccessible

SSL errors are never a pretty sight. You may encounter one in the most unexpected places, as no one is “immune” from them, even powerhouses such as Microsoft. This week, Mozilla Firefox web browser users could not access and its subdomains. Reports worldwide indicated that the error stemmed from Firefox itself, as all Microsoft [...]

File-Based Wildcard Validation to be discontinued in November

All commercial Certificate Authorities require Domain Control Validation (DCV) before issuing an SSL certificate. Up until now, you could choose one of three methods to confirm domain ownership. But starting from November 15, you will no longer be able to use the HTTP/HTTPS hashing method for validating Wildcard domains. You’re left with two options: Email-based [...]

Let’s Encrypt faces compatibility issues with older Android devices

Update: Let’s Encrypt has found a solution that allows Android devices to remain compatible with their certificates. You can read about the extended compatibility here. Since its inception, Let’s Encrypt has issued over a billion free certificates worldwide. The open-source CA has greatly contributed to HTTPS adoption; however, it hasn’t always been smooth sailing. Now, [...]

Firefox 83 brings HTTPS-Only Mode to Users

HTTPS has long become mandatory for websites of all types and sizes. Ever since Chrome began flagging HTTP sites as not secure, HTTPS adoption has skyrocketed. Today, the encrypted traffic across Google has surpassed the 90% mark. While this figure is impressive, outside of Google, in the Web wilderness, plenty of unsecured websites and legacy [...]

Your Last Chance to Get a 2-Year SSL Certificate

Beginning September 1, 2020, all TLS/SSL certificates will have a 1-year validity. That’s 13 months or 398 days when you add up the extra 30 days during renewals or replacements. However, with an SSL subscription, you can still get a 2-year SSL certificate. We'll show you how further down the line. The current TLS/SSL lifespan, [...]

Chrome and Firefox remove the EV SSL Green Bar

Since the CA/Browser forum officially ratified the first version of Extended Validation (EV) SSL Guidelines in 2007, EV certificates have been of great benefit to e-stores, financial institutions, enterprises, and even smaller companies. The EV indicator (green address bar) was specifically designed next to the URL to highlight the official company’s name. The CAs thought [...]

Let’s Encrypt Bug Makes One Million Certificates Non-compliant

Let’s Encrypt is a popular, free, and open-source Certificate Authority run by Internet Research Security Group (ISRG) with more than one billion certificates issued to websites worldwide. While no one denies the company’s enormous contribution to HTTPS adoption across the WEB, unfortunately, Let’s Encrypt certificates aren’t immune to bugs or malicious exploitation. The latest setback [...]

Apple’s Safari Browser to Limit SSL Validity to One Year

The lifespan of SSL certificates has always been a hot topic. Initially set at 5 years for Domain Validation and Business Validation certificates, the SSL validity was first reduced to 4 years during the migration from SHA-1 to SHA-256 hash algorithm. Then, in 2015, it was capped at three years, and finally, in 2018, reduced [...]

61% of World’s Politicians don’t use HTTPS

SSL certificates have become an essential security element to any site. With HTTPS now mandatory, stumbling upon an unsecured website has become such a rare occurrence that users are now suspicious of the lack of security standards and professionalism whenever they visit a site over HTTP.  With Chrome and other popular browsers flagging HTTP websites [...]

Sectigo Acquires Icon Labs and Launches IoT security Platform

Sectigo (formerly Comodo CA) has acquired Icon Labs, a security company providing cross-platform solutions for embedded OEMs (Original Equipment Manufacturers) and IoT (Internet of Things) device manufacturers.  With the IoT market expected to reach more than 75 million devices by 2025, securing connected devices across an ecosystem has become a top priority for the leading [...]

Firefox 66 update redesigns SSL error messages

Firefox 66, the latest version of the popular browser introduced several new features including block autoplay (prevents a website from automatically playing sound), improved search experience, smoother scrolling, and many more. The new release also came with redesigned SSL error messages to help users better understand the risks of an unsecure connection. If the Firefox [...]

Comodo CA rebrands as Sectigo

Comodo CA, one of the world’s largest Certificate Authorities with more than 3 million customers in 150 countries, has rebranded as Sectigo.  Since its inception in 1998, Comodo has issued over 100 million certificates and has served over 700,000 businesses worldwide. The rebranding marks the dawn of a new era, as the company broadens its [...]

SSL Validity to be Restricted to 2 Years from March 2018

The Certificate Authority Browser Forum, also known as CAB Forum passed ballot 193 which reduces SSL Certificates validity (Domain Validation and Business Validation) to 825-days (roughly 27 months). The ballot didn't affect the Extended Validation Certificates, due to their already existing 2-year lifetime. The new regulations will come into effect on March 1, 2018. Chris Baily [...]

Google Introduces Security Panel in DevTools

In 2014, Google Chrome Security Team expressed their intention to mark both, broken HTTPS URLs and HTTP websites as being non-secure online resources. Since HTTP is the only non-secure online resource that remained unmarked, the purpose of this marking is to clearly inform users that HTTP websites don’t provide any security for their data. This [...]

How do SSL Certificates Affect SEO Rankings?

Update! In 2017, Chrome began flagging all HTTP websites as not secure. This action accelerated HTTPS adoption across the Web. With over 90% of websites already encrypted, the SEO boost is no longer applicable. You can't gain an edge when HTTPS is all but mandatory for everyone. Moreover, if you don't use an SSL certificate, your [...]

What are the most recent news in the SSL Certificates industry?

Maintaining the security of your website is a very thoughtful process. Check out the most recent news in the SSL Certificates industry in order to ensure secure browsing for your clients:  The 3.2 version of PCI DSS will be released this spring, though it was scheduled to be released in fall. The PCI Security Standards Council revised [...]

PCI DSS 3.2: You should quit using SSL 3.0 and TLS 1.0

According to the latest news in the SSL industry, the new PCI DSS 3.2 version will be released this Spring. Initially, its scheduled release date was in Fall. The PCI Security Standards Council revised the release date to include the extended period of the SSL 3.0/TLS 1.0 migration due to the existing expanding threat landscape. PCI DSS 3.2 The [...]

Go to Top