Two security researchers Mike Zusman, and Alexander Sotirov have discussed possible attacks involving EV SSL Certificates at the tenth annual CanSecWest conference. Details are sparse but more will be released soon.
Are you looking for free SSL Certificates? Most sites should buy a trusted certificate from a well-known Certificate Authority to capitalize on browser compatibility and the high assurance of commercial providers. Still, there are many places where free SSL Certificates will work just fine.
Leading Enterprise Certificate Management Service allows control and immediate issuance of Extended Validation (EV) SSL
VeriSign, Inc. (NASDAQ: VRSN), the trusted provider of Internet infrastructure services for the networked world, today announced significant milestones achieved by Extended Validation (EV) SSL on the second anniversary of EV's launch.
SSL Host Headers in IIS 7 allow you to use one SSL certificate for multiple IIS websites on the same IP address. Through the IIS Manager interface, IIS only allows you to bind one site on each IP address to port 443 using an SSL certificate.
Moxie Marlinspike presented on a "new" way of attacking SSL at the Black Hat security conference on Wednesday. His tool, called SSLstrip, exploits the interface between http and https sessions using techniques that have existed for years. How does it work and what is the solution?
Who watches the watchers? Every Certification Authority undergoes a stringent audit called the AICPA/CICA WebTrust Program for Certification Authorities which ensures that they are following certain procedures and security policies.
Press release about the growth of Go Daddy in the SSL Certificate market.
Press release about DigiCert's Unified Communications and Wildcard products and their Easy CSR Command Generators.
It seems that no one is immune to letting an SSL certificate expire. Not even VeriSign, the largest provider of SSL certificates.