Let’s Encrypt will revoke millions of SSL certificates

Let’s Encrypt digital certificates are very popular on the Internet, offering a free web security option. An error converts those websites into “Unsafe Sites”, allowing the entry of malicious agents and leaving the information vulnerable to being taken and misused by unknown persons.

What bug did Let’s Encrypt discover?

The error lies in the verification of the name of each domain. The Let’s Encrypt team found that Boulder would validate that domain name countless times on each server. The company accepts domain validation results for a period of 30 days from the moment of the request; however, CAA records cannot be verified more than 8 hours in advance.

Therefore, a 30-day window was opened where the certificates will be rejected, because the CAA in DNS will not allow their issuance. The only solution to this conflict, for now, is manual renewal.

If this step is not done, the sites will constantly display a warning sign, as the server will detect an invalid certificate. Let’s Encrypt issues certificates at 90-day intervals; this means that browsers would detect the error for more than two months unless manual renewal is performed.
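The two time limits described above (validation reusable for 30 days, CAA checked no more than 8 hours before issuance) can be modelled directly. The following Go code is an added example, not Boulder's code: the `Authz` type, the function names and the sample data are assumptions constructed for illustration. It lists the names that need a fresh CAA check before issuance, and then the names a recheck pass skipped because it kept checking the same name.

```go
package main

import (
	"fmt"
	"time"
)
const (
	validationReuse = 30 * 24 * time.Hour // validation results accepted for 30 days
	caaMaxAge       = 8 * time.Hour       // CAA must be checked within 8 hours of issuance
)

// Authz is a hypothetical per-name record for this example, not a Boulder type.
type Authz struct {
	Name                      string
	ValidatedAt, CAACheckedAt time.Time
}

// NeedsCAARecheck splits names into stale-CAA (recheck) and past-30-days (revalidate).
func NeedsCAARecheck(authzs []Authz, issueAt time.Time) (recheck, revalidate []string) {
	for _, a := range authzs {
		if issueAt.Sub(a.ValidatedAt) > validationReuse {
			revalidate = append(revalidate, a.Name)
		} else if issueAt.Sub(a.CAACheckedAt) > caaMaxAge {
			recheck = append(recheck, a.Name)
		}
	}
	return recheck, revalidate
}

// MissedRechecks returns names that needed a CAA recheck but were never checked.
func MissedRechecks(needed, performed []string) (missed []string) {
	done := map[string]bool{}
	for _, n := range performed {
		done[n] = true
	}
	for _, n := range needed {
		if !done[n] {
			missed = append(missed, n)
		}
	}
	return missed
}

func main() {
	now := time.Date(2024, 1, 31, 12, 0, 0, 0, time.UTC) // constructed sample data
	old := now.Add(-10 * 24 * time.Hour)
	authzs := []Authz{{"a.example", old, old}, {"b.example", old, old}, {"c.example", now, now}}
	recheck, _ := NeedsCAARecheck(authzs, now)
	fmt.Println(recheck, MissedRechecks(recheck, []string{"a.example", "a.example"}))
}
```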

A great example of the importance of the validity of a web certificate

As we have mentioned before, the validity of a certificate is very important, as it is what defines how long we will have a secure site. With shorter terms, these types of errors can be avoided earlier. In this particular case, the error is solved by creating a command that generates a forced renewal, something relatively simple. However, the period of time that the sites remain vulnerable can cause more serious problems in the future.

The SSL (Secure Sockets Layer) protocols are the successors of the TLS (Transport Layer Security) protocols, and work in a similar way. They are data encryption protocols, which provide security, privacy and integrity in the communication of two connected points within a network. Therefore, an SSL protocol is responsible for guaranteeing the security of the information transmitted on that network, in such a way that it cannot be modified by external agents.

In this way, the senders and receivers will be the only ones with access to the messages within this communication in its entirety. But how does an SSL protocol work? Next we will explain a little about its operation within the communication of a network.

This protocol is used in the transfer of hypertext (web pages) in a secure way. Therefore, the exchange of information between a user and the website will be protected, mainly when it comes to the exchange of data such as passwords, banking information, etc.

How an SSL protocol works

This type of protocol uses both asymmetric and symmetric cryptography. The exchange of keys is carried out with the former, and the communication is then encrypted with a symmetric algorithm.

For a website to have this security, it needs to have an SSL certificate. This will provide access to a server that has the SSL protocol, in such a way that a secure connection will always be established between the website and the users. What is the process of this information exchange?

The user connects to the Internet and enters a website, for example: www.example.com

The server where the site is hosted must send the certificate with its public key. If the server does not have a certificate, the browser should show an error.

At this point, the browser will verify the reliability of the website. In case it is not a reliable site, it will ask the user if they agree to access under their responsibility.

When the site is trusted, the browser will generate a symmetric key and it will be sent securely to the server.

In this way, a secure communication with a website is established.

Ensure the integrity of your information

The SSL protocol and the TLS help provide confidentiality and integrity to your transmission. At The Email Shop we make sure to provide you with the most reliable SSL protocol to guarantee the integrity of your website data.

We recently told you about the new measures adopted by Apple with respect to the certificate validity that its Safari browser will accept; however, it is not the only company in favor of SSL certificates having a shorter term. The companies in charge of issuing them are not in favor, due to the complications that this represents. Those who benefit directly are the users, and it is for this reason that other companies are in favor of this measure.

What other companies are in favor of this change?

The validity of an SSL certificate is important, simply because it represents how long your protection will be valid. During the CA/Browser (CA/B) Forum, the SC22 vote was held, where it was requested that these certificates last no more than 398 days. This request is the result of a background where the community wanted to work as a team with the needs of the companies and improve the safety of users; however, as we have already mentioned, the vote went against the proposal, and Apple responded immediately by reducing the validity of the certificates on its platform from September of this year.

The arguments of these companies support the benefits that were presented in the vote. The objective of the vote was focused on users and the possible benefits that reducing the validity of SSL certificates could bring, so all certificate consumers, that is, browser providers for users (Apple, Cisco, Google, Microsoft, Mozilla, Opera and 360), voted in favor.

DigiCert in favor of the benefits of a shorter term

Among the companies that are also in favor of this measure is DigiCert, which published a statement on its official site setting out its position. It states that shortening the validity of SSL certificates would help improve the web security ecosystem and that it has the tools to help users automate their certificates so that they are not affected by Apple’s measures, which will surely be adopted by the rest of the browser providers.

A shorter validity for SSL certificates offers solutions to problems such as:

Errors arising from the misinterpretation or incorrect application of the initial requirements. With a shorter term, they can be resolved in less time.

Even if the initial requirements are very ambiguous, adjustments can be made with more time.

In operation, the prolonged use of certificates has generated various problems, which can be avoided with a shorter validity time.

These are just a few examples of the problems reducing the lifetime of SSL certificates would solve. The companies that are in favor of this change are more focused on the benefit of users than on the processes or difficulties that this would represent.