March 19, 2018 By Shane Schick 2 min read

The company that bought one of the largest certificate authorities (CAs) said it has nearly finished replacing the digital certificates most commonly used by popular websites as major browsers prepare to phase them out in upcoming releases.

DigiCert Inc. said it has been sending mass email messages, calling customers and running webinars to make sure website owners are aware that Google and Mozilla will no longer trust Symantec-backed digital certificates when they release Chrome 66 next month and Mozilla Firefox 60 in May. DigiCert, which bought the CA business from Symantec last fall, noted that more than 99 percent of the top 1 million websites have taken appropriate action.

Purging Outdated Digital Certificates

According to SecurityWeek, the browser-makers established deadlines to revoke trust in digital certificates in response to a series of errors in the way they were issued and managed. DigiCert set up a portal for customers to check their domain name to determine whether they need new or replacement certificates. Companies that used RapidSSL, GeoTrust and Thawte can also obtain replacements through DigiCert.

For all its progress, Enterprise Times raised questions about how DigiCert will manage to win over the remaining customers who had obtained digital certificates through Symantec and other providers. This includes not only the top websites, but also many small and medium-sized businesses (SMBs) that could be affected by the browsers’ deadlines.

A Bumpy Transition

The transition of the CA business from Symantec to DigiCert has not been entirely smooth. Earlier this month, CRN Australia reported that the website of Trustico, a Symantec reseller, temporarily went offline after DigiCert claimed it had emailed the private keys of more than 20,000 digital certificates, which were later revoked. According to TechTarget, DigiCert claimed that 23,000 certificates were compromised, although the number of individual organizations affected by the incident has not been publicly reported.

Recently, DigiCert set up a new reseller program to make it easier to obtain and deploy digital certificates within the enterprise. The program aims to help the CA’s partners take advantage of the opportunity offered by Secure Sockets Layer (SSL), public key infrastructure and Internet of Things (IoT) security.

More from

ChatGPT 4 can exploit 87% of one-day vulnerabilities: Is it really that impressive?

2 min read - After reading about the recent cybersecurity research by Richard Fang, Rohan Bindu, Akul Gupta and Daniel Kang, I had questions. While initially impressed that ChatGPT 4 can exploit the vast majority of one-day vulnerabilities, I started thinking about what the results really mean in the grand scheme of cybersecurity. Most importantly, I wondered how a human cybersecurity professional’s results for the same tasks would compare.To get some answers, I talked with Shanchieh Yang, Director of Research at the Rochester Institute…

ONCD releases request for information: Open-source software security

3 min read - Open-source software is a collective partnership across the development community that requires both private and public buy-in. However, securing open-source software can be tricky. With so many different people working on the coding, security measures are often overlooked, increasing the chances that a vulnerability will fall through the cracks and be exploited. The Open-Source Software Security Initiative (OS31) aims to provide governance over open-source security processes. After the Log4Shell vulnerability, securing open-source software became a top priority for the federal…

How cyber criminals are compromising AI software supply chains

3 min read - With the adoption of artificial intelligence (AI) soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important.Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in open-source repositories like Hugging Face and GitHub. The group, claiming to be a hacktivist organization motivated by an anti-AI cause, specifically targets these resources to poison data sets used in AI model training.No matter whether you use…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today