Microsoft to kill weak web certificates

Started by Simon, Sep 10, 2012, 21:17:28

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Simon

Website owners need to check and update their SSL certificates in order to avoid being shown as a security risk ahead of an upcoming security clampdown by Microsoft.

The warning comes ahead of a 9 October update that will address the strength of digital certificates used to authenticate sites and services, with shorter 512-bit encrypted keys no longer valid and blocked by Internet Explorer.

The issue was partially addressed in August, with an optional patch in Security Advisory 2661254, following a series of security issues caused by certificate flaws. Now, Microsoft will make the stricter rules on encryption key length apply across the board next month, with some older certificates no longer showing as being from a trusted site.

"Internet Explorer will show a warning similar to the one you would get for other SSL inconsistencies such as a 'Certificate not signed by an approved Certificate Authority'," said Wolfgang Kandek, CTO of security company Qualys. "There are also other possible impacts in email."

According to Kandek, the issue is likely to be limited to relatively few certificates, but the impact on those sites will be significant.

Read more: http://www.pcpro.co.uk/news/376822/microsoft-to-kill-weak-web-certificates#ixzz266G308jz
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.