PKI and digital certificates
Using a public key infrastructure (PKI), certificate authority (CA) and digital certificates is a key way to develop a secure network infrastructure for user access, keep data secure and eliminate hacker threats. Get expert advice and tools to implement PKI in your organization.
Top Stories
-
News
04 Aug 2021
Researchers crack new Let's Encrypt validation feature
Multiperspective validation can be thwarted with a traffic-throttling technique that could lead to attackers obtaining digital certificates for domains they don't own. Continue Reading
-
Tip
12 Jul 2021
How to implement machine identity management for security
In IAM, companies must consider whether machines, applications and devices have the appropriate identities and access authorizations when communicating behind the scenes. Continue Reading
-
Definition
31 Mar 2022
authentication server
An authentication server is an application that facilitates the authentication of an entity that attempts to access a network. Continue Reading
-
Definition
27 Jan 2022
one-time pad
In cryptography, a one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key. Continue Reading
-
Definition
19 Jan 2022
Pretty Good Privacy (PGP)
Pretty Good Privacy or PGP was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files. Continue Reading
-
Definition
28 Dec 2021
registration authority (RA)
A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it. Continue Reading
-
Definition
04 Nov 2021
RSA algorithm (Rivest-Shamir-Adleman)
The RSA algorithm (Rivest-Shamir-Adleman) is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network, such as the internet. Continue Reading
-
Definition
27 Oct 2021
Digital Signature Standard (DSS)
The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.S. National Security Agency (NSA) as a means of authentication for electronic documents. Continue Reading
-
Definition
26 Oct 2021
encryption key
In cryptography, an encryption key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text or to decrypt encrypted text. Continue Reading
-
Definition
18 Oct 2021
cipher
In cryptography, a cipher is an algorithm for encrypting and decrypting data. Continue Reading
-
Definition
23 Sep 2021
digital certificate
A digital certificate, also known as a public key certificate, is used to cryptographically link ownership of a public key with the entity that owns it. Continue Reading
-
Definition
01 Sep 2021
certificate authority (CA)
A certificate authority (CA) is a trusted entity that issues Secure Sockets Layer (SSL) certificates. Continue Reading
-
Definition
20 Aug 2021
nonrepudiation
Nonrepudiation ensures that no party can deny that it sent or received a message via encryption and/or digital signatures or approved some information. Continue Reading
-
Definition
09 Aug 2021
cryptology
Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis. Continue Reading
-
Definition
30 Jul 2021
private key
A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt data. Continue Reading
-
Definition
20 Jul 2021
SSL (secure sockets layer)
Secure sockets layer (SSL) is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet. Continue Reading
-
Quiz
01 Jul 2021
Test yourself with this e-learning authentication quizlet
Integrity and authentication are two evergreen security topics. Try this quick quiz from Technic Publication's PebbleU, and see where to focus your continuing education. Continue Reading
-
Definition
30 Jun 2021
public key certificate
A public key certificate is a digitally signed document that serves to validate the sender's authorization and name. Continue Reading
-
Definition
28 Jun 2021
public key
In cryptography, a public key is a large numerical value that is used to encrypt data. Continue Reading
-
Definition
03 Jun 2021
hashing
Hashing is the process of transforming any given key or a string of characters into another value. Continue Reading
-
Definition
21 Apr 2021
IPsec (Internet Protocol Security)
IPsec (Internet Protocol Security) is a suite of protocols and algorithms for securing data transmitted over the internet or any public network. Continue Reading
-
Definition
12 Apr 2021
Transport Layer Security (TLS)
Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications. Continue Reading
-
Definition
09 Apr 2021
PKI (public key infrastructure)
PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange information using digital certificates. Continue Reading
-
Definition
05 Apr 2021
cyber hijacking
Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications. Continue Reading
-
Tip
11 Dec 2020
Tackle multi-cloud key management challenges with KMaaS
Cloud providers' tools for secrets management are not equipped to solve unique multi-cloud key management challenges. Learn how key management-as-a-service tools can fill the gaps. Continue Reading
-
Tip
30 Sep 2020
What are the top secure data transmission methods?
Safe information transfer is a must for modern organizations, but not all secure data transmission methods are equal. Explore your secure data transfer options in this tip. Continue Reading
-
Tip
29 Apr 2020
SSL certificate best practices for 2020 and beyond
SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more. Continue Reading
-
Tip
28 Apr 2020
Getting a handle on certificate management in Windows shops
A certificate that isn't renewed by its expiration date will cause dire consequences for administrators who will need to find a fast remedy when systems can't communicate. Continue Reading
-
News
23 Apr 2020
COVID-19 strains critical certificate authority processes
Border crossings. Police checkpoints. Security cages. Secret safes. These are just some of the hurdles certificate authorities face as they strive to maintain security during COVID-19. Continue Reading
-
News
22 Jan 2020
Netgear under fire after TLS certificates found in firmware -- again
Security researchers revealed Netgear firmware exposed TLS certificate keys, but SearchSecurity discovered it wasn't the first time the issue had been reported to the vendor. Continue Reading
-
News
17 Sep 2019
Researcher finds digital certificate fraud used to spread malware
A new certificate fraud scheme involves a threat actor impersonating company execs to purchase certs which are then resold to those looking to spread malware. Continue Reading
-
Answer
26 Mar 2019
Can PDF digital signatures be trusted?
Digital signatures on PDF documents don't necessarily guarantee their contents are valid, as new research shows viewer implementations don't always detect incomplete signatures. Continue Reading
-
Answer
25 Mar 2019
How concerned should I be about a padding oracle attack?
Padding oracle attacks have long been well-known and well-understood. Find out how they work and why using modern encryption protocols can reduce the risks. Continue Reading
-
News
22 Mar 2019
Study reveals sale of SSL/TLS certificates on dark web
Security researchers discovered the availability of SSL/TLS certificates for sale on the dark web, which allow cybercriminals to disguise their malicious activity as legitimate. Continue Reading
-
News
11 Mar 2019
Zscaler charts sharp increase in SSL threats like phishing, botnets
Threat actors are exploiting encryption protocols to deliver malicious content, according to Zscaler, which found a 400% increase in SSL-based phishing threats last year. Continue Reading
-
News
07 Mar 2019
Cryptography techniques must keep pace with threats, experts warn
Cryptographers at RSAC 2019 discussed personal data protection laws and challenges, future threats and the pressure for tech companies to work with law enforcement on decryption. Continue Reading
-
Podcast
08 Feb 2019
Risk & Repeat: Apple restores enterprise certificates for Facebook, Google
This week's Risk & Repeat podcast looks at Apple's decision to temporarily revoke Facebook's and Google's enterprise certificates following reports of questionable app activity. Continue Reading
-
Answer
28 Jan 2019
Will DNS Flag Day affect you? Infoblox's Cricket Liu explains
What is DNS Flag Day? That's when old and broken DNS servers will stop working, improving DNS performance and safety for all. Infoblox's chief DNS architect Cricket Liu explains. Continue Reading
-
Feature
28 Jan 2019
IoT identity management eyes PKI as de facto credential
Public key infrastructure is emerging as the essential technology for identity management in IoT, as customers seek out a trifecta of data integrity, authentication and encryption. Continue Reading
-
Podcast
16 Jan 2019
Risk & Repeat: Expired certificates loom amid government shutdown
This week's Risk & Repeat podcast looks at the expiration of more than 80 TLS certificates for U.S. government websites amid the ongoing government shutdown. Continue Reading
-
Tip
15 Jan 2019
Updating TLS? Use cryptographic entropy for more secure keys
Cryptographic entropy is necessary to secure session encryption keys in TLS 1.2, but RSA key transport is not supported in TLS 1.3. Discover the causes for concern with Judith Myerson. Continue Reading
-
Podcast
19 Dec 2018
Risk & Repeat: Lessons from the Equifax breach report
This week's Risk & Repeat podcast looks at the U.S. House Committee on Oversight and Government Reform report on the Equifax breach and the infosec lessons to be learned from it. Continue Reading
-
News
14 Dec 2018
Mozilla distrusts all Symantec certificates with Firefox 64 release
News roundup: Mozilla finally removes trust for Symantec certificates with Firefox 64. Plus, Supermicro's investigation challenges Bloomberg Businessweek's report, and more. Continue Reading
-
Tip
20 Nov 2018
How Windows 10 certificates create a chain of trust
Certificates in Windows 10 create a chain of trust that confirms the identity of the user accessing corporate resources and ensures that she is doing so over a trusted connection. Continue Reading
-
Answer
12 Oct 2018
What does a Windows 10 digital certificate do?
IT pros can build trust into Windows 10 by adding certificates that form trusted connections by confirming the identity of any individuals or entities communicating with the OS. Continue Reading
-
News
03 Oct 2018
DigiCert, Gemalto and ISARA to provide quantum-proof certificates
Quantum computing threats are on the horizon, but DigiCert, Gemalto and ISARA have teamed up to develop new quantum-proof digital certificates and remake the PKI industry. Continue Reading
-
Answer
18 Sep 2018
What are the steps for an Exchange certificate renewal?
An expired Exchange 2010 certificate is one of those issues that catches everyone's attention. Check and replace certificates with these basic commands. Continue Reading
-
News
29 Jun 2018
GlobalSign, Comodo launch competing IoT security platforms
Rival certificate authorities GlobalSign and Comodo CA have strengthened their presence in the IoT security market with new platforms for connected devices. Continue Reading
-
News
16 Apr 2018
SSH announces new key and certificate management service
A new key and certificate management service is now offered by SSH, which teamed up with AppViewX to provide a way to administer cryptographic keys and digital certificates. Continue Reading
-
News
27 Mar 2018
TLS 1.3 update is finalized with encryption upgrade
The IETF approves the TLS 1.3 encryption protocol upgrade after four years and 28 versions; improvements include better security and performance, as well as middlebox support. Continue Reading
-
Podcast
07 Mar 2018
Risk & Repeat: Trustico certificate drama a cause for concern
In this week's Risk & Repeat podcast, SearchSecurity editors discuss how a controversial move by reseller Trustico led to 23,000 Symantec SSL certificates being revoked. Continue Reading
-
News
02 Mar 2018
23,000 Symantec certificates revoked following leak of private keys
DigiCert revoked 23,000 Symantec SSL certificates amid a public spat between the company and former reseller partner Trustico, which claimed the certificates were 'compromised.' Continue Reading
-
News
30 Jan 2018
New Comodo CA leadership talks competition, IoT devices
Comodo CA's new chairman Bill Conner and CEO Bill Holtz talk with SearchSecurity about competition in the certificate market and how the internet of things will fuel growth. Continue Reading
-
News
25 Jan 2018
Comodo calls out Symantec certificate issues, applauds Google
Bill Conner and Bill Holtz, who recently joined Comodo CA as chairman and CEO, respectively, discuss Symantec's certificate issues and their effect on the certificate market. Continue Reading
-
Answer
18 Jan 2018
Public key pinning: Why is Google switching to a new approach?
After introducing HTTP Public Key Pinning to the internet two years ago, the upcoming Chrome will replace it with the Expect-CT header. Matt Pascucci explains the switch. Continue Reading
-
Podcast
17 Jan 2018
Risk & Repeat: Let's Encrypt certificates offer pros, cons
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Let's Encrypt certificates and weigh the positives and negatives the free certificate authority provides. Continue Reading
-
Answer
04 Dec 2017
PGP keys: Can accidental exposures be mitigated?
The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys. Continue Reading
-
Podcast
08 Nov 2017
Risk & Repeat: Sale of Symantec Website Security completed
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the sale of Symantec Website Security to DigiCert and what it means for Symantec's troubled certificate business. Continue Reading
-
Answer
19 Oct 2017
Running a private certificate authority: What are the risks?
Running a private certificate authority can pose significant risks and challenges to meet baseline requirements. Michael Cobb explores what enterprises should know. Continue Reading
-
News
13 Oct 2017
DOJ's 'responsible encryption' is the new 'going dark'
News roundup: The DOJ calls for 'responsible encryption' to comply with court orders. Plus, there's more bad cybersecurity news for banks, and Accenture data in AWS gets exposed. Continue Reading
-
Answer
04 Oct 2017
WoSign certificates: What happens when Google Chrome removes trust?
Google Chrome has started removing trust in certificates issued by WoSign. Matthew Pascucci explains this decision and what it means for companies using WoSign certificates. Continue Reading
-
News
03 Aug 2017
Symantec Website Security, certificate authority business sold to DigiCert
DigiCert agrees to buy majority stake in Symantec Website Security just days after Google releases an April 2018 distrust date for Symantec certificates. Continue Reading
-
Tip
27 Jul 2017
SHA-1 collision: How the attack completely breaks the hash function
Google and CWI researchers have successfully developed a SHA-1 attack where two pieces of data create the same hash value -- or collide. Expert Michael Cobb explains how this attack works. Continue Reading
-
News
20 Jul 2017
Industry reacts to Symantec certificate authority trust remediation
As the Symantec certificate authority scrambles to transition its certificate-issuance operations to a subordinate certificate authority, the CA industry sharpens its knives. Continue Reading
-
News
19 Jul 2017
Symantec agrees to transfer certificate issuance to third party
Symantec has agreed to a plan that would transfer its certificate issuance and validation operations to an as-yet-unnamed third-party partner starting Dec. 1. Continue Reading
-
News
13 Jul 2017
Symantec certificate authority business reportedly for sale
As Google and Mozilla prepare plans to reduce trust for Symantec's certificate authority, the antivirus vendor is reported to be seeking a buyer for its web certificate business. Continue Reading
-
Answer
11 Jul 2017
Ticketbleed flaw: How can SSL session identities be protected?
The Ticketbleed flaw in F5 Networks' BIG-IP appliances leaks uninitialized memory and SSL session identities. Expert Michael Cobb explains how enterprises can mitigate it. Continue Reading
-
News
10 Jul 2017
WoSign CA certificates get end-of-trust date in Chrome
Google to distrust all WoSign CA certificates in Chrome starting in September, as the troubled certificate authority passed a key audit and is seeking a new CEO to help return trust. Continue Reading
-
Podcast
23 Jun 2017
Risk & Repeat: Symantec, Mozilla spar over certificate issuance
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Mozilla's suggested deadline for Symantec to turn over its certificate issuance operations. Continue Reading
-
Tip
22 Jun 2017
How the use of invalid certificates undermines cybersecurity
Symantec and other trusted CAs were found using bad certificates, which can create huge risk for internet users. Expert Michael Cobb explains how these incidents can be prevented. Continue Reading
-
News
14 Jun 2017
Symantec CA remediation plan faces more delays
The battle over Symantec CA operations continues as the antivirus vendor pushes back against a consensus remediation proposal from the web browser community. Continue Reading
-
Tip
16 May 2017
Why WPA2-PSK can be a security risk even with an uncracked key
WPA2-PSK is a popular way to bolster wireless security, but it's not perfect. Expert Joseph Granneman explains WPA2 and other aspects of the complicated history of Wi-Fi security. Continue Reading
-
Feature
11 May 2017
Timeline: Symantec certificate authority improprieties
Timeline: Follow along as Google and Mozilla raise issues with Symantec certificate authority actions, and then attempt to return trust to the CA giant. Continue Reading
-
Podcast
04 May 2017
Risk & Repeat: Symantec offers plan to restore certificate trust
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Symantec's continued struggles with certificate trust, and what Mozilla and Google are doing about it. Continue Reading
-
News
02 May 2017
Mozilla: Symantec certificate remediation plan not enough
Mozilla reviews the counterproposal from Symantec and urges the CA giant to opt for Google's recommendation to outsource its certificate activities. Continue Reading
-
News
28 Apr 2017
Symantec certificate authority offers counter-proposal to Google
Symantec certificate authority proposal takes the pain out of sanctions for misissued certs, offers more audits, greater transparency and promise of "continuous improvement." Continue Reading
-
News
25 Apr 2017
Symantec certificate authority issues, answered
Google and Mozilla weigh the proper response to Symantec certificate authority issues, as the CA giant prepares an alternative proposal for reinstating trust. Continue Reading
-
Podcast
19 Apr 2017
Risk & Repeat: Mozilla joins the Symantec certificate authority debate
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss mounting pressure on the Symantec certificate authority business to provide answers about its practices. Continue Reading
-
News
12 Apr 2017
Symantec CA woes debated by browser community
Compliance with CA/B Forum Baseline Requirements was debated after Symantec CA posted responses to 14 issues raised by Mozilla developers. Continue Reading
-
News
04 Apr 2017
Symantec certificate authority issues listed by Mozilla developers
Mozilla developers respond to questionable Symantec certificate authority practices, as the security provider questions Google's proposed solutions. Continue Reading
-
Podcast
31 Mar 2017
Risk & Repeat: Google slams Symantec certificates
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Google's proposed plan to distrust Symantec certificates following more allegations of mis-issuance. Continue Reading
-
News
29 Mar 2017
Potential SSL API flaw could reveal private keys
A researcher claims to have found Symantec SSL API issues with extremely dangerous consequences, but a lack of evidence causes confusion. Continue Reading
-
News
24 Mar 2017
Google considers options on Symantec certificate authority 'failures'
Symantec certificate authority cries foul, as Google considers severe options following the company allegedly misissuing as many as 30,000 digital certificates. Continue Reading
-
Answer
06 Mar 2017
SHA-1 certificates: How will Mozilla's deprecation affect enterprises?
Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do. Continue Reading
-
News
23 Feb 2017
SHA-1 deprecation more important after hash officially broken
SHA-1 deprecation in browsers comes as researchers create hash collisions and Google offers website and developer tools to protect against malicious uses. Continue Reading
-
Answer
08 Feb 2017
HTTP public key pinning: Is the Firefox browser insecure without it?
HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael Cobb explains how HPKP works. Continue Reading
-
Podcast
01 Feb 2017
Risk & Repeat: Bad Symantec certificates strike again
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the discovery of more bad Symantec certificates and what it means for the antivirus software maker. Continue Reading
-
News
27 Jan 2017
Symantec CA report offers more clarity on certificate transparency catch
One week after certificate transparency revealed a Symantec CA improperly issued over 100 digital certificates, Symantec offers more details on the incident. Continue Reading
-
News
27 Jan 2017
Google creates its own root certificate authority
Google is expanding its certificate authority capabilities by creating its own root certificate authority, but experts are unsure of Google's plans moving forward. Continue Reading
-
News
24 Jan 2017
Certificate Transparency snags Symantec CA for improper certs
Symantec CA could be in for more trouble after a security researcher, using Certificate Transparency logs, discovered more than 100 improperly issued certificates. Continue Reading
-
Feature
03 Jan 2017
How to buy digital certificates for your enterprise
In the market to buy digital certificates? Learn exactly how digital certificates work, which features are key and how to evaluate the available options on the market. Continue Reading
-
Answer
14 Jan 2010
Is it possible to crack the public key encryption algorithm?
Is it possible to create a PKI encryption key that is unbreakable? IAM expert Randall Gamby weighs in. Continue Reading
-
Answer
01 Oct 2007
Choosing from the top PKI products and vendors
In this expert response, security pro Joel Dubin discusses the best ways to compare PKI products and vendors for enterprise implementation of PKI. Continue Reading
-
Answer
24 May 2007
What are the alternatives to RC4 and symmetric cryptography systems?
In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how RC4 encryption stacks up against public key cryptography. Continue Reading