pki

Zitat des Tages

Written by georg on August 18, 2016

Über mögliche Kennzahlen einer PKI:

PKI information includes the number of certificate requests, the number of certificates issued, the number of revocation requests, the number of certificates revoked, service-level statistics, and the relative numbers based on certificate types. Other pertinent information might be certificate misuse or other agreement violations.

Zitat des Tages

Written by georg on August 17, 2016

Failure to properly manage your SSL certificates will have an additional consequence to your customer support organization. If customers visit an Internet website and see a security warning because of an expired SSL certificate, they may have concerns about whether their private data are at risk. Either they will abandon the site or they may pick up the phone and call your customer support linke to ask about what caused the situation.

Zitat des Tages

Written by georg on August 16, 2016

Having more than one commercial CA provider can be a good decision to avoid vendor lock-in and provide a readily available alternative source of SSL certificates in the event a commercial CA is compromised.

Zitat des Tages

Written by georg on August 15, 2016

If your SSL certificates on your Internet-facing e-commerce site expire, you will lose your customers‘ trust resulting in a loss of buiness.

Zitat des Tages

Written by georg on August 14, 2016

An expired SSL certificate in your network can have very real negative consequences, as it takes just one expired SSL certificate to put your business at risk.

Zitat des Tages

Written by georg on August 13, 2016

For example, you may need an external commercially issued extended validation certificate for your e-commerce site at RSA248 with SHA256 where your internal server may be perfectly happy with an internally issued standard SSL certificate at RSA248 with SHA1 (for at least a little while longer).

Zitat des Tages

Written by georg on August 10, 2016

Constantly check the secuirty of your CA operations.

Zitat des Tages

Written by georg on August 9, 2016

CAs are becoming targets for attackers.

Zitat des Tages

Written by georg on August 8, 2016

Plan on time to push new CA certificates out into your infrastructure and user base. Do not attempt to generate a new CA, and plan to stat using it to issue end-entity certificates on the same weekend!

Certificate Trust

Written by georg on Juli 2, 2016

It is a bad practice to blindly trust an unknown certificate issued from an unknown CA.

Ach wie gut, dass mit dem Betriebssystem nicht Zertifikate hunderte unbekannter CAs mitgeliefert werden.