PKI and digital certificates

Using a public key infrastructure (PKI), certificate authority (CA) and digital certificates is a key way to develop a secure network infrastructure for user access, keep data secure and eliminate hacker threats. Get expert advice and tools to implement PKI in your organization.

Top Stories

News 04 Aug 2021
Researchers crack new Let's Encrypt validation feature

Multiperspective validation can be thwarted with a traffic-throttling technique that could lead to attackers obtaining digital certificates for domains they don't own. Continue Reading
Tip 12 Jul 2021
How to implement machine identity management for security

In IAM, companies must consider whether machines, applications and devices have the appropriate identities and access authorizations when communicating behind the scenes. Continue Reading

Definition 31 Mar 2022

authentication server

An authentication server is an application that facilitates the authentication of an entity that attempts to access a network. Continue Reading
Definition 27 Jan 2022

one-time pad

In cryptography, a one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key. Continue Reading
Definition 19 Jan 2022

Pretty Good Privacy (PGP)

Pretty Good Privacy or PGP was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files. Continue Reading
Definition 28 Dec 2021

registration authority (RA)

A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it. Continue Reading
Definition 04 Nov 2021

RSA algorithm (Rivest-Shamir-Adleman)

The RSA algorithm (Rivest-Shamir-Adleman) is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network, such as the internet. Continue Reading
Definition 27 Oct 2021

Digital Signature Standard (DSS)

The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.S. National Security Agency (NSA) as a means of authentication for electronic documents. Continue Reading
Definition 26 Oct 2021

encryption key

In cryptography, an encryption key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text or to decrypt encrypted text. Continue Reading
Definition 18 Oct 2021

cipher

In cryptography, a cipher is an algorithm for encrypting and decrypting data. Continue Reading
Definition 23 Sep 2021

digital certificate

A digital certificate, also known as a public key certificate, is used to cryptographically link ownership of a public key with the entity that owns it. Continue Reading
Definition 01 Sep 2021

certificate authority (CA)

A certificate authority (CA) is a trusted entity that issues Secure Sockets Layer (SSL) certificates. Continue Reading
Definition 20 Aug 2021

nonrepudiation

Nonrepudiation ensures that no party can deny that it sent or received a message via encryption and/or digital signatures or approved some information. Continue Reading
Definition 09 Aug 2021

cryptology

Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis. Continue Reading
News 04 Aug 2021

Researchers crack new Let's Encrypt validation feature

Multiperspective validation can be thwarted with a traffic-throttling technique that could lead to attackers obtaining digital certificates for domains they don't own. Continue Reading
Definition 30 Jul 2021

private key

A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt data. Continue Reading
Definition 20 Jul 2021

SSL (secure sockets layer)

Secure sockets layer (SSL) is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet. Continue Reading
Tip 12 Jul 2021

How to implement machine identity management for security

In IAM, companies must consider whether machines, applications and devices have the appropriate identities and access authorizations when communicating behind the scenes. Continue Reading
Quiz 01 Jul 2021

Test yourself with this e-learning authentication quizlet

Integrity and authentication are two evergreen security topics. Try this quick quiz from Technic Publication's PebbleU, and see where to focus your continuing education. Continue Reading
Definition 30 Jun 2021

public key certificate

A public key certificate is a digitally signed document that serves to validate the sender's authorization and name. Continue Reading
Definition 28 Jun 2021

public key

In cryptography, a public key is a large numerical value that is used to encrypt data. Continue Reading
Definition 03 Jun 2021

hashing

Hashing is the process of transforming any given key or a string of characters into another value. Continue Reading
Definition 21 Apr 2021

IPsec (Internet Protocol Security)

IPsec (Internet Protocol Security) is a suite of protocols and algorithms for securing data transmitted over the internet or any public network. Continue Reading
Definition 12 Apr 2021

Transport Layer Security (TLS)

Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications. Continue Reading
Definition 09 Apr 2021

PKI (public key infrastructure)

PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange information using digital certificates. Continue Reading
Definition 05 Apr 2021

cyber hijacking

Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications. Continue Reading
Tip 11 Dec 2020

Tackle multi-cloud key management challenges with KMaaS

Cloud providers' tools for secrets management are not equipped to solve unique multi-cloud key management challenges. Learn how key management-as-a-service tools can fill the gaps. Continue Reading
Tip 30 Sep 2020

What are the top secure data transmission methods?

Safe information transfer is a must for modern organizations, but not all secure data transmission methods are equal. Explore your secure data transfer options in this tip. Continue Reading
Tip 29 Apr 2020

SSL certificate best practices for 2020 and beyond

SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more. Continue Reading
Tip 28 Apr 2020

Getting a handle on certificate management in Windows shops

A certificate that isn't renewed by its expiration date will cause dire consequences for administrators who will need to find a fast remedy when systems can't communicate. Continue Reading
News 23 Apr 2020

COVID-19 strains critical certificate authority processes

Border crossings. Police checkpoints. Security cages. Secret safes. These are just some of the hurdles certificate authorities face as they strive to maintain security during COVID-19. Continue Reading
News 22 Jan 2020

Netgear under fire after TLS certificates found in firmware -- again

Security researchers revealed Netgear firmware exposed TLS certificate keys, but SearchSecurity discovered it wasn't the first time the issue had been reported to the vendor. Continue Reading
News 17 Sep 2019

Researcher finds digital certificate fraud used to spread malware

A new certificate fraud scheme involves a threat actor impersonating company execs to purchase certs which are then resold to those looking to spread malware. Continue Reading
Answer 26 Mar 2019

Can PDF digital signatures be trusted?

Digital signatures on PDF documents don't necessarily guarantee their contents are valid, as new research shows viewer implementations don't always detect incomplete signatures. Continue Reading
Answer 25 Mar 2019

How concerned should I be about a padding oracle attack?

Padding oracle attacks have long been well-known and well-understood. Find out how they work and why using modern encryption protocols can reduce the risks. Continue Reading
News 22 Mar 2019

Study reveals sale of SSL/TLS certificates on dark web

Security researchers discovered the availability of SSL/TLS certificates for sale on the dark web, which allow cybercriminals to disguise their malicious activity as legitimate. Continue Reading
News 11 Mar 2019

Zscaler charts sharp increase in SSL threats like phishing, botnets

Threat actors are exploiting encryption protocols to deliver malicious content, according to Zscaler, which found a 400% increase in SSL-based phishing threats last year. Continue Reading
News 07 Mar 2019

Cryptography techniques must keep pace with threats, experts warn

Cryptographers at RSAC 2019 discussed personal data protection laws and challenges, future threats and the pressure for tech companies to work with law enforcement on decryption. Continue Reading
Podcast 08 Feb 2019

Risk & Repeat: Apple restores enterprise certificates for Facebook, Google

This week's Risk & Repeat podcast looks at Apple's decision to temporarily revoke Facebook's and Google's enterprise certificates following reports of questionable app activity. Continue Reading
Answer 28 Jan 2019

Will DNS Flag Day affect you? Infoblox's Cricket Liu explains

What is DNS Flag Day? That's when old and broken DNS servers will stop working, improving DNS performance and safety for all. Infoblox's chief DNS architect Cricket Liu explains. Continue Reading
Feature 28 Jan 2019

IoT identity management eyes PKI as de facto credential

Public key infrastructure is emerging as the essential technology for identity management in IoT, as customers seek out a trifecta of data integrity, authentication and encryption. Continue Reading
Podcast 16 Jan 2019

Risk & Repeat: Expired certificates loom amid government shutdown

This week's Risk & Repeat podcast looks at the expiration of more than 80 TLS certificates for U.S. government websites amid the ongoing government shutdown. Continue Reading
Tip 15 Jan 2019

Updating TLS? Use cryptographic entropy for more secure keys

Cryptographic entropy is necessary to secure session encryption keys in TLS 1.2, but RSA key transport is not supported in TLS 1.3. Discover the causes for concern with Judith Myerson. Continue Reading
Podcast 19 Dec 2018

Risk & Repeat: Lessons from the Equifax breach report

This week's Risk & Repeat podcast looks at the U.S. House Committee on Oversight and Government Reform report on the Equifax breach and the infosec lessons to be learned from it. Continue Reading
News 14 Dec 2018

Mozilla distrusts all Symantec certificates with Firefox 64 release

News roundup: Mozilla finally removes trust for Symantec certificates with Firefox 64. Plus, Supermicro's investigation challenges Bloomberg Businessweek's report, and more. Continue Reading
Tip 20 Nov 2018

How Windows 10 certificates create a chain of trust

Certificates in Windows 10 create a chain of trust that confirms the identity of the user accessing corporate resources and ensures that she is doing so over a trusted connection. Continue Reading
Answer 12 Oct 2018

What does a Windows 10 digital certificate do?

IT pros can build trust into Windows 10 by adding certificates that form trusted connections by confirming the identity of any individuals or entities communicating with the OS. Continue Reading
News 03 Oct 2018

DigiCert, Gemalto and ISARA to provide quantum-proof certificates

Quantum computing threats are on the horizon, but DigiCert, Gemalto and ISARA have teamed up to develop new quantum-proof digital certificates and remake the PKI industry. Continue Reading
Answer 18 Sep 2018

What are the steps for an Exchange certificate renewal?

An expired Exchange 2010 certificate is one of those issues that catches everyone's attention. Check and replace certificates with these basic commands. Continue Reading
News 29 Jun 2018

GlobalSign, Comodo launch competing IoT security platforms

Rival certificate authorities GlobalSign and Comodo CA have strengthened their presence in the IoT security market with new platforms for connected devices. Continue Reading
News 16 Apr 2018

SSH announces new key and certificate management service

A new key and certificate management service is now offered by SSH, which teamed up with AppViewX to provide a way to administer cryptographic keys and digital certificates. Continue Reading
News 27 Mar 2018

TLS 1.3 update is finalized with encryption upgrade

The IETF approves the TLS 1.3 encryption protocol upgrade after four years and 28 versions; improvements include better security and performance, as well as middlebox support. Continue Reading
Podcast 07 Mar 2018

Risk & Repeat: Trustico certificate drama a cause for concern

In this week's Risk & Repeat podcast, SearchSecurity editors discuss how a controversial move by reseller Trustico led to 23,000 Symantec SSL certificates being revoked. Continue Reading
News 02 Mar 2018

23,000 Symantec certificates revoked following leak of private keys

DigiCert revoked 23,000 Symantec SSL certificates amid a public spat between the company and former reseller partner Trustico, which claimed the certificates were 'compromised.' Continue Reading
News 30 Jan 2018

New Comodo CA leadership talks competition, IoT devices

Comodo CA's new chairman Bill Conner and CEO Bill Holtz talk with SearchSecurity about competition in the certificate market and how the internet of things will fuel growth. Continue Reading
News 25 Jan 2018

Comodo calls out Symantec certificate issues, applauds Google

Bill Conner and Bill Holtz, who recently joined Comodo CA as chairman and CEO, respectively, discuss Symantec's certificate issues and their effect on the certificate market. Continue Reading
Answer 18 Jan 2018

Public key pinning: Why is Google switching to a new approach?

After introducing HTTP Public Key Pinning to the internet two years ago, the upcoming Chrome will replace it with the Expect-CT header. Matt Pascucci explains the switch. Continue Reading
Podcast 17 Jan 2018

Risk & Repeat: Let's Encrypt certificates offer pros, cons

In this week's Risk & Repeat podcast, SearchSecurity editors discuss Let's Encrypt certificates and weigh the positives and negatives the free certificate authority provides. Continue Reading
Answer 04 Dec 2017

PGP keys: Can accidental exposures be mitigated?

The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys. Continue Reading
Podcast 08 Nov 2017

Risk & Repeat: Sale of Symantec Website Security completed

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the sale of Symantec Website Security to DigiCert and what it means for Symantec's troubled certificate business. Continue Reading
Answer 19 Oct 2017

Running a private certificate authority: What are the risks?

Running a private certificate authority can pose significant risks and challenges to meet baseline requirements. Michael Cobb explores what enterprises should know. Continue Reading
News 13 Oct 2017

DOJ's 'responsible encryption' is the new 'going dark'

News roundup: The DOJ calls for 'responsible encryption' to comply with court orders. Plus, there's more bad cybersecurity news for banks, and Accenture data in AWS gets exposed. Continue Reading
Answer 04 Oct 2017

WoSign certificates: What happens when Google Chrome removes trust?

Google Chrome has started removing trust in certificates issued by WoSign. Matthew Pascucci explains this decision and what it means for companies using WoSign certificates. Continue Reading
News 03 Aug 2017

Symantec Website Security, certificate authority business sold to DigiCert

DigiCert agrees to buy majority stake in Symantec Website Security just days after Google releases an April 2018 distrust date for Symantec certificates. Continue Reading
Tip 27 Jul 2017

SHA-1 collision: How the attack completely breaks the hash function

Google and CWI researchers have successfully developed a SHA-1 attack where two pieces of data create the same hash value -- or collide. Expert Michael Cobb explains how this attack works. Continue Reading
News 20 Jul 2017

Industry reacts to Symantec certificate authority trust remediation

As the Symantec certificate authority scrambles to transition its certificate-issuance operations to a subordinate certificate authority, the CA industry sharpens its knives. Continue Reading
News 19 Jul 2017

Symantec agrees to transfer certificate issuance to third party

Symantec has agreed to a plan that would transfer its certificate issuance and validation operations to as-yet-unnamed third-party partner starting Dec. 1. Continue Reading
News 13 Jul 2017

Symantec certificate authority business reportedly for sale

As Google and Mozilla prepare plans to reduce trust for Symantec's certificate authority, the antivirus vendor is reported to be seeking a buyer for its web certificate business. Continue Reading
Answer 11 Jul 2017

Ticketbleed flaw: How can SSL session identities be protected?

The Ticketbleed flaw in F5 Networks' BIG-IP appliances leaks uninitialized memory and SSL session identities. Expert Michael Cobb explains how enterprises can mitigate it. Continue Reading
News 10 Jul 2017

WoSign CA certificates get end-of-trust date in Chrome

Google to distrust all WoSign CA certificates in Chrome starting in September, as the troubled certificate authority passed a key audit and is seeking a new CEO to help return trust. Continue Reading
Podcast 23 Jun 2017

Risk & Repeat: Symantec, Mozilla spar over certificate issuance

In this week's Risk & Repeat podcast, SearchSecurity editors discuss Mozilla's suggested deadline for Symantec to turn over its certificate issuance operations. Continue Reading
Tip 22 Jun 2017

How the use of invalid certificates undermines cybersecurity

Symantec and other trusted CAs were found using bad certificates, which can create huge risk for internet users. Expert Michael Cobb explains how these incidents can be prevented. Continue Reading
News 14 Jun 2017

Symantec CA remediation plan faces more delays

The battle over Symantec CA operations continues as the antivirus vendor pushes back against a consensus remediation proposal from the web browser community. Continue Reading
Tip 16 May 2017

Why WPA2-PSK can be a security risk even with an uncracked key

WPA2-PSK is a popular way to bolster wireless security, but it's not perfect. Expert Joseph Granneman explains WPA2 and other aspects of the complicated history of Wi-Fi security. Continue Reading
Feature 11 May 2017

Timeline: Symantec certificate authority improprieties

Timeline: Follow along as Google and Mozilla raise issues with Symantec certificate authority actions, and then attempt to return trust to the CA giant. Continue Reading
Podcast 04 May 2017

Risk & Repeat: Symantec offers plan to restore certificate trust

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Symantec's continued struggles with certificate trust, and what Mozilla and Google are doing about it. Continue Reading
News 02 May 2017

Mozilla: Symantec certificate remediation plan not enough

Mozilla reviews the counterproposal from Symantec and urges the CA giant to opt for Google's recommendation to outsource its certificate activities. Continue Reading
News 28 Apr 2017

Symantec certificate authority offers counter-proposal to Google

Symantec certificate authority proposal takes the pain out of sanctions for misissued certs, offers more audits, greater transparency and promise of "continuous improvement." Continue Reading
News 25 Apr 2017

Symantec certificate authority issues, answered

Google and Mozilla weigh the proper response to Symantec certificate authority issues, as the CA giant prepares an alternative proposal for reinstating trust. Continue Reading
Podcast 19 Apr 2017

Risk & Repeat: Mozilla joins the Symantec certificate authority debate

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss mounting pressure on the Symantec certificate authority business to provide answers about its practices. Continue Reading
News 12 Apr 2017

Symantec CA woes debated by browser community

Compliance with CA/B Forum Baseline Requirements was debated after Symantec CA posted responses to 14 issues raised by Mozilla developers. Continue Reading
News 04 Apr 2017

Symantec certificate authority issues listed by Mozilla developers

Mozilla developers respond to questionable Symantec certificate authority practices, as the security provider questions Google's proposed solutions. Continue Reading
Podcast 31 Mar 2017

Risk & Repeat: Google slams Symantec certificates

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Google's proposed plan to distrust Symantec certificates following more allegations of mis-issuance. Continue Reading
News 29 Mar 2017

Potential SSL API flaw could reveal private keys

A researcher claims to have found Symantec SSL API issues with extremely dangerous consequences, but a lack of evidence causes confusion. Continue Reading
News 24 Mar 2017

Google considers options on Symantec certificate authority 'failures'

Symantec certificate authority cries foul, as Google considers severe options following the company allegedly misissuing as many as 30,000 digital certificates. Continue Reading
Answer 06 Mar 2017

SHA-1 certificates: How will Mozilla's deprecation affect enterprises?

Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do. Continue Reading
News 23 Feb 2017

SHA-1 deprecation more important after hash officially broken

SHA-1 deprecation in browsers comes as researchers create hash collisions and Google offers website and developer tools to protect against malicious uses. Continue Reading
Answer 08 Feb 2017

HTTP public key pinning: Is the Firefox browser insecure without it?

HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael Cobb explains how HPKP works. Continue Reading
Podcast 01 Feb 2017

Risk & Repeat: Bad Symantec certificates strike again

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the discovery of more bad Symantec certificates and what it means for the antivirus software maker. Continue Reading
News 27 Jan 2017

Symantec CA report offers more clarity on certificate transparency catch

One week after certificate transparency revealed a Symantec CA improperly issued over 100 digital certificates, Symantec offers more details on the incident. Continue Reading
News 27 Jan 2017

Google creates its own root certificate authority

Google is expanding its certificate authority capabilities by creating its own root certificate authority, but experts are unsure of Google's plans moving forward. Continue Reading
News 24 Jan 2017

Certificate Transparency snags Symantec CA for improper certs

Symantec CA could be in for more trouble after a security researcher, using Certificate Transparency logs, discovered more than 100 improperly issued certificates. Continue Reading
Feature 03 Jan 2017

How to buy digital certificates for your enterprise

In the market to buy digital certificates? Learn exactly how digital certificates work, which features are key and how to evaluate the available options on the market. Continue Reading
Answer 14 Jan 2010

Is it possible to crack the public key encryption algorithm?

Is it possible to create a PKI encryption key that is unbreakable? IAM expert Randall Gamby weighs in. Continue Reading
Answer 01 Oct 2007

Choosing from the top PKI products and vendors

In this expert response, security pro Joel Dubin discusses the best ways to compare PKI products and vendors for enterprise implementation of PKI. Continue Reading
Answer 24 May 2007

What are the alternatives to RC4 and symmetric cryptography systems?

In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how RC4 encryption stacks up against public key cryptography. Continue Reading