pki

Zitat des Tages

Written by  on August 17, 2016

Failure to properly manage your SSL certificates will have an additional consequence to your customer support organization. If customers visit an Internet website and see a security warning because of an expired SSL certificate, they may have concerns about whether their private data are at risk. Either they will abandon the site or they may pick up the phone and call your customer support linke to ask about what caused the situation.

Zitat des Tages

Written by  on August 16, 2016

Having more than one commercial CA provider can be a good decision to avoid vendor lock-in and provide a readily available alternative source of SSL certificates in the event a commercial CA is compromised.

Zitat des Tages

Written by  on August 15, 2016

If your SSL certificates on your Internet-facing e-commerce site expire, you will lose your customers’ trust resulting in a loss of buiness.

Zitat des Tages

Written by  on August 14, 2016

An expired SSL certificate in your network can have very real negative consequences, as it takes just one expired SSL certificate to put your business at risk.

Zitat des Tages

Written by  on August 13, 2016

For example, you may need an external commercially issued extended validation certificate for your e-commerce site at RSA248 with SHA256 where your internal server may be perfectly happy with an internally issued standard SSL certificate at RSA248 with SHA1 (for at least a little while longer).

Zitat des Tages

Written by  on August 10, 2016

Constantly check the secuirty of your CA operations.

Zitat des Tages

Written by  on August 9, 2016

CAs are becoming targets for attackers.

Zitat des Tages

Written by  on August 8, 2016

Plan on time to push new CA certificates out into your infrastructure and user base. Do not attempt to generate a new CA, and plan to stat using it to issue end-entity certificates on the same weekend!

Certificate Trust

Written by  on Juli 2, 2016

It is a bad practice to blindly trust an unknown certificate issued from an unknown CA.

Ach wie gut, dass mit dem Betriebssystem nicht Zertifikate hunderte unbekannter CAs mitgeliefert werden.

Log filtering

Written by  on Juli 1, 2016

Sensitive information should be filtered at the source during log generation.

Schützenswerte Daten, sollten erst gar nicht auf eventuell schlechter geschützte Systeme kommen.