PKI and digital certificates

Using a public key infrastructure (PKI), certificate authority (CA) and digital certificates is a key way to develop a secure network infrastructure for user access, keep data secure and eliminate hacker threats. Get expert advice and tools to implement PKI in your organization.

March 17, 2021 17 Mar'21
SolarWinds hackers stole Mimecast source code

The investigation into a stolen Mimecast-issued digital certificate is now complete, and the vendor said the initial intrusion was Sunburst malware in the SolarWinds Orion platform.
January 26, 2021 26 Jan'21
Mimecast certificate compromised by SolarWinds hackers

Mimecast conducted an investigation after being alerted by Microsoft that a certificate for Microsoft 365 Exchange Web Services authentication was stolen by a sophisticated actor.
April 23, 2020 23 Apr'20
COVID-19 strains critical certificate authority processes

Border crossings. Police checkpoints. Security cages. Secret safes. These are just some of the hurdles certificate authorities face as they strive to maintain security during COVID-19.
January 22, 2020 22 Jan'20
Netgear under fire after TLS certificates found in firmware -- again

Security researchers revealed Netgear firmware exposed TLS certificate keys, but SearchSecurity discovered it wasn't the first time the issue had been reported to the vendor.

Bring yourself up to speed with our introductory content

PKI (public key infrastructure)

PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange information using digital certificates. Continue Reading
cyber hijacking

Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications. Continue Reading
digital signature

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Can PDF digital signatures be trusted?

Digital signatures on PDF documents don't necessarily guarantee their contents are valid, as new research shows viewer implementations don't always detect incomplete signatures. Continue Reading
IoT identity management eyes PKI as de facto credential

Public key infrastructure is emerging as the essential technology for identity management in IoT, as customers seek out a trifecta of data integrity, authentication and encryption. Continue Reading
Public key pinning: Why is Google switching to a new approach?

After introducing HTTP Public Key Pinning to the internet two years ago, the upcoming Chrome will replace it with the Expect-CT header. Matt Pascucci explains the switch. Continue Reading

Learn to apply best practices and optimize your operations.

Tackle multi-cloud key management challenges with KMaaS

Cloud providers' tools for secrets management are not equipped to solve unique multi-cloud key management challenges. Learn how key management-as-a-service tools can fill the gaps. Continue Reading
SSL certificate best practices for 2020 and beyond

SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more. Continue Reading
Getting a handle on certificate management in Windows shops

A certificate that isn't renewed by its expiration date will cause dire consequences for administrators who will need to find a fast remedy when systems can't communicate. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How concerned should I be about a padding oracle attack?

Padding oracle attacks have long been well-known and well-understood. Find out how they work and why using modern encryption protocols can reduce the risks. Continue Reading
What are the steps for an Exchange certificate renewal?

An expired Exchange 2010 certificate is one of those issues that catches everyone's attention. Check and replace certificates with these basic commands. Continue Reading
PGP keys: Can accidental exposures be mitigated?

The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys. Continue Reading