Blogging Techstacks

Poor DigiCert.  I am really starting to feel sorry for them.  First, there was a lot of search engine confusion over whether there was a link between DigiNotar's recent breach and DigiCert. (There isn't)  Now, there is news that a Malaysian firm named Digicert Sdn Bhd has had to revoke some of its root certificates due to successful reverse engineering of keys.  Here's the press release from DigiCert Inc., which states there is no affiliation between these two firms.

So, to recap, DigiCert Inc., a Certificate Authority that uses "digicert" in its logo and using web site address "www.digicert.com" has no affiliation with Digicert Sdn Bhd, who is a Certificate Authority who also appears to be using "digicert" it its logo and uses web site address "www.digicert.com.my".

Those scamps at VeriSign must be the life of parties!  What could be more hilarious than selling a three year certificate chained to an intermediate certificate that expires in only one year?  How about providing four days notice of the impending expiration of that intermediate certificate?

For folks wondering why their Global/Secure Site Pro certificate-secured sites are in browser-warning mode today, VeriSign posted the following support article on October 20, 2011.  In an article titled "Old "www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97" Intermediate CA Certificate will expire on October 24, 2011" (I know, I know...4 days notice...vague article title...)

In a nutshell, if your certificate is no longer trusted because of the October 24, 2011 Intermediate certificate expiration, you need to replace that certificate with a new Intermediate cert.  This new one expires on October 24, 2016.

See this article on ABC News for more details as Belgium-based Certificate Authority GlobalSign has temporarily ceased ssl certificate issuance in the wake of the announcement yesterday from comodohacker that he(?) has managed to breach 4 other major CAs. GlobalSign was the only one of the four high-profile CAs specifically named.