Calendar Of Updates: Protection against unsafe SSL certificates - Calendar Of Updates

Jump to content


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Protection against unsafe SSL certificates

#1 User is offline   Mainer 

  • Dies Mercuri
  • PipPipPipPipPip
  • Group: Member - MVC
  • Posts: 935
  • Joined: 03-April 05

Posted 22 July 2008 - 02:17 PM

Https connections are often used to transfer important data, such as passwords, PINs, or credit card numbers. The browser ensures that the sender can be identified with a valid certificate and that the transferred data are encrypted. An error in the Debian Linux distribution has generated numerous certificates that are child's play to crack. Many servers still use these weak certificates, even though it is impossible to establish a secure connection using them. The heise SSL Guardian checks the SSL certificates and warns you when it detects a weak one.

http://www.heise-online.co.uk/security/Hei...features/111039

#2 User is offline   Celtic Ferret 

  • MVC (Most Vociferous CyberIncompetent)
  • PipPipPipPipPip
  • Group: Member - MVC
  • Posts: 780
  • Joined: 06-October 05

Posted 22 July 2008 - 03:42 PM

Very cool. They also have a test for your web site at
http://www.heise-onl...tools/chksslkey

On this WinXP box I had to allow packets to "Microsoft Corp, webresponse.one.microsoft.com" ( 131.107.65.14 ). [protocol: TCP - src: 3422 / dst: 80] in order to test a website.
--CF

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic