New SSL Server Rules Go Into Effect Nov. 1

SSL CAs will reject requests for internal SSL server certificates that don’t conform to new internal domain naming and IP address conventions.
Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don’t conform to new internal domain naming and IP address conventions designed to safeguard networks.
The concern is that SSL server digital certificates issued by CAs at present for internal corporate e-mail servers, Web servers and databases are not unique and can potentially be used in man-in-the-middle attacks involving the setup of rogue servers inside the targeted network, say representatives for the Certification Authority/Browser Forum (CA/B Forum), the industry group that sets security and operational guidelines for digital certificates. Members include the overwhelming bulk of public CAs around the globe, plus browser makers such as Microsoft and Apple.
“Even in an internal network, it’s possible for an employee to stand up a fake server,” says Rick Andrews, senior technical director for trust services at Symantec, explaining the new rules.

The problem today is that network managers often give their servers names like “Server1” and allocate internal IP addresses so that SSL certificates issued for them through the public CAs are not necessarily globally unique, notes Chris Bailey, general manager for Deep Security for Web Apps at Trend Micro.
“People rely on these internal names today,” Bailey says. But “if someone hacks in, they can set up a man-in-the-middle domain.”
The CA/B Forum three years ago reached the conclusion this was a significant security issue and nailed down new certificate-issuance guidelines they have been sharing with their customers. Now that the Nov. 1 deadline is getting closer, they are speaking out about it.
As of Nov. 1, network managers requesting internal SSL certificates from the public CAs will have to follow these new guidelines. Network managers will need to ensure SSL server certificate requests are expressed in a way that they are associated with an external domain name, says Andrews. Some enterprises already use names that chain up to the company name, but “these are probably in the minority,” he adds.
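As an added illustration (not from the article or the CA/B Forum), the following Python checker audits a certificate's subject alternative names for the kinds of entries the new guidelines exclude: single-label host names like “Server1”, names under non-public suffixes, and private or reserved IP addresses. The suffix list and the sample SAN entries are assumptions for illustration.

```python
"""Flag certificate names that a public CA would refuse under the rule that
server certificates must name a globally unique (externally resolvable)
domain or a public IP address rather than an internal name or private IP."""
import ipaddress
import re

# Assumed examples of suffixes that are not delegated public TLDs.
NON_PUBLIC_SUFFIXES = (".local", ".internal", ".corp", ".lan", ".localhost")
# One DNS label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def classify_name(name: str) -> str:
    """Return 'ok' or the reason the name counts as internal / not unique."""
    name = name.strip().lower().rstrip(".")
    # IP-address entries: only globally routable addresses are acceptable.
    try:
        addr = ipaddress.ip_address(name)
    except ValueError:
        addr = None
    if addr is not None:
        return "ok" if addr.is_global else "reserved or private IP address"
    # Wildcards are fine as long as the rest of the name is public.
    if name.startswith("*."):
        name = name[2:]
    labels = name.split(".")
    if len(labels) < 2:
        return "single-label host name (not globally unique)"
    if not all(LABEL.match(lab) for lab in labels):
        return "malformed host name"
    for suffix in NON_PUBLIC_SUFFIXES:
        if name.endswith(suffix) or name == suffix[1:]:
            return "non-public domain suffix"
    return "ok"

def audit_san_list(sans):
    """Map each SAN to its verdict; any non-'ok' entry blocks issuance."""
    return {san: classify_name(san) for san in sans}

if __name__ == "__main__":
    # Constructed sample SAN list for illustration.
    sample = ["www.example.com", "Server1", "mail.example.local",
              "192.168.1.10", "*.example.net", "10.0.0.1", "8.8.8.8"]
    for san, verdict in audit_san_list(sample).items():
        print(f"{san:22s} {verdict}")
```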

How SSL Works….


Enjoy! More Secure Web ahead.
