RealTime IT News

Millions of SSL Certificates Invalid: Study

SSL certificates are a popular means of securing Web transactions. But is the technology always being implemented correctly?

As eSecurityPlanet reports, SSL certificates can be generated for any domain name. It's also considered to be a best practice that the name on the SSL certificate matches the name of the domain on which the SSL certificate is being used. But are these SSL certificates being configured correctly? A researcher at Qualys revealed some preliminary information he's gathered in preparation for a talk on the subject at the Black Hat conference later this summer.


It should be no surprise that the SSL security certificate business is big business, considering how SSL certificates are seen as being on the frontlines of securing Web transactions against fraud. But new data suggests that SSL certificates are not all being configured correctly.

Security research firm Qualys is attempting to paint a detailed picture of SSL deployments and their shortcomings with a new, still under-development study that aims to deliver a deeper degree of information on the state of the SSL marketplace than what is currently known.

Read the full article at eSecurityPlanet:
SSL Certificates In Use Today Aren't All Valid