Domain: globalsign.com
Stories and comments across the archive that link to globalsign.com.
Comments · 11
-
Re:Oh that is just textbook xkcd...
OK, it looks like the fix for them accidentally revoking their certificate was just to un-revoke it and pretend that it never happened. Clearing my OCSP cache "resolved" the issue. That whole affair really reinforces my faith in the CA system.
-
Re:Oh that is just textbook xkcd...
Why is xkcd (through fastly) still using a cert signed by a revoked intermediate CA? Isn't three months long enough to sort that out?
-
Re:And with StartCom dead...
LetEncrypt is still free, if their system will work for you, and Symantec is in the process of setting up something that seems similar over at FreeSSL. Otherwise, you can get cheap certs from Comodo and GoDaddy (yeah, their rep isn't great either, but it's just a binary file when you get right down to it) - ideally via one of their resellers who will offer lower prices, and the prices go up from there. Another approach is to shop around for a suitable VPS or other hosting bundle that includes a certificate in the price, which can often work out quite cost effective. Finally, if you fit the criteria, there are some commercial vendors that offer free certificates to non-profits - e.g. GlobalSign's offer of a free certificate for OSS projects.
-
Re:Locking out open source hardware
In case you have not noticed, the cheapest of the EV Certs is $1000 a Year
First hit on Google has them for $410/year, and obviously stuff signed doesn't expire after that time (only the ability to sign new stuff does).
Only organizations can obtain these certificates, not individual developers.
Incorrect. The developer of vJoy, for example, recently acquired one to sign his open source kernel mode driver. Did a little fund-raiser to get $475 (he used someone more expensive). He's just an individual, not a company.
Also, all EV Code signing certs require Smartcard/Token-Based Storage of your certificate's private key to ensure credentials cannot be shared, and you cannot automate the digital signing process.
Incorrect, you can configure Visual Studio to auto-sign your driver every time you build it using the USB device they supply included in the cost.
-
Re:"It's Not a Tumor" - Oh Wait, It Is
How about this https://www.globalsign.com/cer...?
I haven't tried setting up a large PKI infrastructure so I'm curious if you know more. Technically it's possible but I could see why a CA wouldn't do it. The info for this GlobalSign "Trusted Root" seems to imply that you get to sign keys with your own existing root CA but that GlobalSign will sign it as well so you don't need to distribute your own root cert. Am I reading it wrong?
-
Re:We need to keep this secret
You mean like SSL is broken and nobody talks about it?
First there was BEAST in 2011, which was fixed. But the situation in 2013 is not better!
https://www.globalsign.com/blog/is-ssl-broken.html (and links therein, especially the last two)
https://www.imperialviolet.org/2013/02/04/luckythirteen.html
http://blog.cryptographyengineering.com/2013/02/attack-of-week-tls-timing-oracles.html
List of all attacks: http://armoredbarista.blogspot.de/2013/01/a-brief-chronology-of-ssltls-attacks.html -
Something's not right here...
According to GlobalSign (one of the largest CA's), they stopped issuing 1024bit keys back in 2010... The lowest encryption they (and most CA's) use now is 2048bits. https://www.globalsign.com/support/faq/sslfaq.php All orders placed from November 29th 2010 will only be accepted with a CSR key length of 2048 bits or higher. This is to fully comply with the National Institute of Standards and Technology Recommendations (NIST) and the mandatory requirements by Microsoft's Root Certificate Program to issue Certificates from a minimum of 2048 bits by January 1, 2011. Maybe it's related to the Y1969 bug
:) -
Re:That should fail.
Easy enough to do. Comodo or GlobalSign will actually sell you an intermediate CA certificate issued by their trusted Root CA. Refer to GlobalTrust's page on that for evidence. Comodo has no info on the fact they allow this, but I have seen a Comodo chained CA in the wild.
-
not first
Globalsign does this too already : http://www.globalsign.com/digital_certificate/ext
e nded_validation_ssl/index.cfm -
Alternatives...
Well, I run a few web sites, and I've thought about getting a cert from verisign, but thought better of it... It's just too expensive! At the moment I've just signed my own cert, but I am getting a free cert from GlobalSign. It seems though, that it is only a temporary offer - But I'm hoping they'll keep offering free ones, for charity or very small companies
;-)
I hope you can use it! -
Alternatives...
Well, I run a few web sites, and I've thought about getting a cert from verisign, but thought better of it... It's just too expensive! At the moment I've just signed my own cert, but I am getting a free cert from GlobalSign. It seems though, that it is only a temporary offer - But I'm hoping they'll keep offering free ones, for charity or very small companies
;-)
I hope you can use it!