SSL

Two factor options

Simon Cooper
11 September 2014 at 8:03pm
Token
sms
TOTP
user authentication
SSL
In some online services specific functions to be carried out present good use cases for adding increased assurance to the authentication of the user logging in to perform such a task, for example to sign domains with DNSSEC or for the approval of Extended Validation SSL certificate requests.
Read more

FAQ for change to domain validation process

Andrew Simpson
21 September 2018 at 10:46am
jcs
SSL
certificates
domain validation
WE ENCOURAGE CUSTOMERS TO VALIDATE DOMAINS IN ADVANCE TO AVOID POSSIBLE LENGTHY DELAYS IN PROCESSING CERTIFICATE REQUESTS Q1) What is the change? From 1 August, new industry regulation states that Certificate Authorities (CAs) must no longer rely on checking a public WHOIS record to validate domain ownership. Instead, customers requesting a certificate must demonstrate a ‘positive interaction’ to show they have control over/ownership of the domain to be used in a certificate.
Read more
29 August 2017 at 10:52am

Suppliers and encryption

James Davis
iso27001
Procurement
encryption
TLS
SSL
Encryption is a powerful security tool, but one that is very easy to misuse and implement poorly. The past years have seen several vulnerabilities and events that we have had to respond to HEARTBLEED, BEAST, POODLE, the retirement of SHA1 certificates, and PCI DSS mandating TLS 1.1.  We have spent a lot of time and effort ensuring that our own systems are well managed, and it is important that our suppliers are able to keep pace with changes in how we want to use encryption. This has led us to start including requirements for encryption within procurements.
Read more

S/MIME Certificates For Digitally Signing Emails

Simon Cooper
13 February 2018 at 2:34pm
S/MIME
SSL
jcs
certificates
email
We're pleased to announce that from today the service can provide end user certificates, which are used for digitally signing and encrypting emails. These are called S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates. S/MIME are installed on email clients which then enable the end user to send digitally signed emails, giving recipients assurances that the email originated from the sender's account. By signing emails, recipients can also have confidence that the contents of the email has been been altered in transit.
Read more

Request S/MIME Certificate

Simon Cooper
Monday, January 23, 2017 - 16:13
S/MIME
Certificate Service
jcs
SSL
Once you have the appropriate certificate credit on your organisation's Certificate Service account, you can proceed and request the required S/MIME email certificate, by clicking on the 'Request Certificate' tab in the JCS portal. The following steps apply: Request Certificate 1. Is the certificate for a primary or secondary school? Note: S/MIME certificates are not available for school owned domains.
Read more

Sub-LRA Agreement

Simon Cooper
Wednesday, November 25, 2015 - 09:58
jcs
SSL
Sub-LRA
certificate
Agreement
The Jisc's Certificate Service's Terms and Conditions (found here https://community.jisc.ac.uk/library/janet-services-documentation/jcs-terms-and-conditions) includes a Sub-Local Registration Authority agreement. This is an agreement between the organisation as a member of the Certificate Service and Jisc, which is required as part of the service supported by QuoVadis CA, as the Certificate Authority signing issued certificates.
Read more
16 November 2015 at 4:27pm

HSTS, captive portals and .x1

James Davis
wifi
802.1x
encryption
https
SSL
HSTS
HTTP Strict Transport Security (HSTS) allows a site to specify that not only should all future references and requests to the site use HTTPS rather than HTTP, but that if any failures to encrypt traffic to or from the site occur, access to the site should be completely blocked by the browser. Even with manual intervention, the user is unable to click past the errors and continue to the site.
Read more
27 July 2015 at 4:18pm

Are you managing encryption?

James Davis
encryption
SSL
TLS
certificates
sha1
logjam
heartbleed
Information Security
iso27001
Recent news has nicely coincided with my drafting of an encryption policy as part of our Information Security Management System. “Logjam” joins a growing number of vulnerabilities in cryptosystems such as Heartbleed, BEAST and POODLE.
Read more
22 December 2014 at 12:07pm

Protecting Users and Systems in 2015

Andrew Cormack
security
Privacy
SSL
TLS
web filtering
The steady growth in the use of encrypted communications seems likely to increase next year given recent announcements on both web browsers and servers. That's good news for security people worried that their users may be sending sensitive information such as passwords and credit card numbers over the Internet.
Read more

SHA-1 and Google Chrome

Simon Cooper
20 November 2014 at 4:56pm
SSL
certificate
SHA-1
jcs
SHA-1 and Google Chrome: 20 November 2014 On 18 November Google released Chrome 39 which will now result in users visiting web services secured with SHA-1 certificates that expire in 2017 being shown a grey padlock with a yellow warning triangle, instead of the usual recognisable green padlock.
Read more
Subscribe to SSL