Slashdot Mirror

← Back to Stories (view on slashdot.org)

22 Million SSL Certificates In Use Are Invalid

Posted by kdawson on Monday June 28, 2010 @01:43PM from the netcraft-confirms-it dept.

darthcamaro writes "While SSL certs are widely used on the Internet today, a new study from Qualys, set to be officially released at Black Hat in July, is going to show some shocking statistics. Among the findings in the study is that only 3% of SSL certs in use were actually properly configured. Quoting: '"So we have about 22 million SSL servers with certificates that are completely invalid because they do not match the domain name on which they reside," Ivan Ristic, director of engineering at Qualys, said.'"

3 of 269 comments (clear)

Min score:

Reason:

Sort:

Re:Two reasons for SSL by seifried · 2010-06-28 14:11 · Score: 5, Informative

Invalid argument: Free SSL certificates: http://cert.startcom.org/.
Re:Two reasons for SSL by Anonymous Coward · 2010-06-28 14:26 · Score: 5, Informative

Even better when (yes, Firefox again!) the exception you are required to add ALSO changes the security mode used for Javascript! Sites you add exceptions for run as a Trusted Site and have elevated privileges.
Re:Two reasons for SSL by mysidia · 2010-06-28 15:21 · Score: 5, Informative

Actually it's checked by default, when you click 'get certificate'
And many times i've found after unchecking the box and going to hit the 'Confirm' button... it rechecks just after hitting confirm, and closes the window with a permanent exception added, despite my attempt to only add a temporary one.... very annoying Firefox...