SSL

24 January 2017 at 2:08pm
We're pleased to announce that from today the service can provide end user certificates, which are used for digitally signing and encrypting emails. These are called S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates. S/MIME are installed on email clients which then enable the end user to send digitally signed emails, giving recipients assurances that the email originated from the sender's account. By signing emails, recipients can also have confidence that the contents of the email has been been altered in transit.
11 September 2014 at 8:03pm
In some online services specific functions to be carried out present good use cases for adding increased assurance to the authentication of the user logging in to perform such a task, for example to sign domains with DNSSEC or for the approval of Extended Validation SSL certificate requests.
29 August 2017 at 10:52am
Encryption is a powerful security tool, but one that is very easy to misuse and implement poorly. The past years have seen several vulnerabilities and events that we have had to respond to HEARTBLEED, BEAST, POODLE, the retirement of SHA1 certificates, and PCI DSS mandating TLS 1.1.  We have spent a lot of time and effort ensuring that our own systems are well managed, and it is important that our suppliers are able to keep pace with changes in how we want to use encryption. This has led us to start including requirements for encryption within procurements.
Once you have the appropriate certificate credit on your organisation's Certificate Service account, you can proceed and request the required S/MIME email certificate, by clicking on the 'Request Certificate' tab in the JCS portal. The following steps apply: Request Certificate 1. Is the certificate for a primary or secondary school? Note: S/MIME certificates are not available for school owned domains.
The Jisc's Certificate Service's Terms and Conditions (found here https://community.jisc.ac.uk/library/janet-services-documentation/jcs-terms-and-conditions) includes a Sub-Local Registration Authority agreement. This is an agreement between the organisation as a member of the Certificate Service and Jisc, which is required as part of the service supported by QuoVadis CA, as the Certificate Authority signing issued certificates.
16 November 2015 at 4:27pm
HTTP Strict Transport Security (HSTS) allows a site to specify that not only should all future references and requests to the site use HTTPS rather than HTTP, but that if any failures to encrypt traffic to or from the site occur, access to the site should be completely blocked by the browser. Even with manual intervention, the user is unable to click past the errors and continue to the site.
27 July 2015 at 4:18pm
Recent news has nicely coincided with my drafting of an encryption policy as part of our Information Security Management System. “Logjam” joins a growing number of vulnerabilities in cryptosystems such as Heartbleed, BEAST and POODLE.
22 December 2014 at 12:07pm
The steady growth in the use of encrypted communications seems likely to increase next year given recent announcements on both web browsers and servers. That's good news for security people worried that their users may be sending sensitive information such as passwords and credit card numbers over the Internet.
20 November 2014 at 4:56pm
SHA-1 and Google Chrome: 20 November 2014 On 18 November Google released Chrome 39 which will now result in users visiting web services secured with SHA-1 certificates that expire in 2017 being shown a grey padlock with a yellow warning triangle, instead of the usual recognisable green padlock.
30 March 2015 at 1:32pm
Availability of SHA-256 certificates: 14 October 2014We’re pleased to announce an agreement has been reached between TERENA and Comodo which will enable customers to obtain SHA-256 certificates. This is available with immediate effect and all certificates obtained from the service will be by default SHA-256.
Subscribe to SSL