fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

You Have Two Days Left To Purchase 2-year TLS/SSL Certificates

https://open.spotify.com/show/3Gmj15x6cGrgJEzmGnDTTj?si=nytzAjvSR4qBqTbLP6pgKA

You Have Two Days Left To Purchase 2-year TLS/SSL Certificates

SSL

If you are looking to purchase a 2-year TLS or SSL certificate, you have only two days left before all new certificates will have a maximum 397 day validity period.

Web browser and operating system developers, such as Apple, Microsoft, Firefox, and Google, will no longer consider 2-year TLS/SSL certificates issued on or after September 1st to be valid.

Instead, all new TLS/SSL certificates issued after September 1st, 2020, will only be allowed to have a maximum validity period of 13 months (397 days).

This new restriction means that if you want to purchase a 2-year expiration certificate, you need to do it within the next two days.

 

Apple restricted the certificate age, everyone else followed

Security professionals and browser developers have been pushing to reduce the validity of TLS/SSL certificates from two years to one year for some time.

The reasoning behind the lower validity period is primarily for security and to prevent unauthorized users from using certs for too long:

  • Allows greater agility when phasing out certificates when vulnerabilities are discovered in encryption algorithms
  • Limits a website’s exposure to compromise as private encryption keys would be changed regularly. If a private TLS certificate is stolen, a one-year validity will limit the amount of time that a threat actor could use.
  • Prevents hosting providers or third parties from using a certificate for a long time after a domain is no longer used or has switched providers.

Certificate authorities, though, wanted nothing to do with the change and kept pushing back on the suggestion.

Apple finally got fed up and unilaterally decided that they would no longer consider TLS/SSL certificates with validity periods greater than 397 and issued on or after September 1st, 2020, as valid.

After Apple made this decision, Mozilla and Google came on board and announced that they would be following Apple’s lead on this change.

This decision ultimately forced certificate authorities to begrudgingly agree to the change in maximum validity periods.

Also read: Top 5 Importance Of Website Maintenance Singapore

 

What does this mean for you?

If you have existing TLS/Certificates with a validity period of greater than one year, you do not have to worry about them, and they will continue to remain valid.

If you purchase an SSL or TLS certificate after September 1st, it will only be valid for 13 months or 397 days.

Some SSL certificate providers, such as Sectigo and Digicert have already stopped issuing certificates with a 2-year validity 

Others are stopping at the end of August 31st, 2020.

Due to this, if you wish to purchase a TLS or SSL certificate that has a validity period of 2 years, you need to do it by September 1st, 2020, which is two days away.

After September 1st, you will still be able to purchase a certificate for multiple years, but this is essentially prepaying to receive a discount. You will still need to issue a new certificate every year.

Administrators forgetting to renew a certificate has led to numerous outages as of late, including one that led to an underreporting of COVID-19 cases in California and a Spotify outage.

For those looking for an automated approach to renewing certificates and automatically applying them to your web services, you can use Let’s Encrypt for free certificates and EFF’s CertBot to automate their installation and renewal.

Also read: Unbelievable Facts About NRIC Check Digit Algorithm

https://www.youtube.com/watch?v=30eI59FlBdk

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us