As of March 13, 2018, Let’s Encrypt Now Supports Wildcard SSL Certificates. The process uses their newer software, and requires DNS changes in order to verify the wildcard domain.
Vulnerability in Let’s Encrypt ACME TLS-SNI-01 Validation
An interesting read about how a vulnerability in Let’s Encrypt ACME TLS-SNI-01 validation led to being able to issue SSL certificates for any domain desired. Let’s Encrypt has Disabled ACME TLS-SNI-01 Validation for now. How I exploited ACME TLS-SNI-01 issuing Let’s Encrypt SSL-certs for any domain using shared hosting Click the link above to read the full…
New Digicert Root Intermediate Certificates For All Symantec SSL Products
Effective on December 1, 2017, all newly issued Symantec SSL certificates (including GeoTrust, RapidSSL, Thawte, and Symantec) will now use a new Digicert signed intermediate certificate. Digicert recently acquired the certificate business from Symantec. Symantec was penalized by Google due to security issues with regards to properly vetting SSL certificates in the past. Google Chrome…
TLS 1.0 PCI Deadline – June 30, 2018
The payment card industry (PCI) council has set a deadline of June 30, 2018 to no longer have support for TLS 1.0 (an insecure SSL Protocol). After this date, any website allowing TLS 1.0 and wanting to be PCI compliant will no longer be compliant. What is TLS? TLS is a security protocol that allows…
New Website and Testing System Live!
We’re excited to unveil the new Why No Padlock website and testing system! It’s been a long time in the works, but we’ve finally revamped the site and the technology behind it to bring you: improved testing better SSL error detection easier to understand reports more tests/checks for common issues Give it a try, and…