New SSL server rules go into effect Nov. 1

  • 26 July 2014

Rules designed to thwart man-in-the-middle attacks; could mean extra work for IT shops

By Ellen Messmer July 24, 2014
 
Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don’t conform to new internal domain naming and IP address conventions designed to safeguard networks.
 
The concern is that SSL server digital certificates issued by CAs at present for internal corporate e-mail servers, Web servers and databases are not unique and can potentially be used in man-in-the-middle attacks involving the setup of rogue servers inside the targeted network, say representatives for the Certification Authority/Browser Forum (CA/B Forum), the industry group that sets security and operational guidelines for digital certificates. Members include the overwhelming bulk of public CAs around the globe, plus browser makers such as Microsoft and Apple.
 

1 reply

That is good to know!
