Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@Linux Digiserve or Symmentic?
And then why the fuck did they have private key? Or Digiserve is immbeciles? -
@Linux Ok, now from computer.
Browsers decide to stop trusting Symantec certificates, so Digicert bought their business as CA. Now Trustico sent the PK to Digicert and hence all certificates signed by this key became insecure! -
Linux434907y@yendenikhil
Trustico fucked up, Digicert did what they should do - rewoke the certs. -
dxdy1037yThis is why you should generate your own CSR and private key (openssl/other GUI tools), and send ONLY the CSR to the CA for signing.
-
@dxdy agreed, but people (tech and non tech) want convenience over security, also if I remember correctly trustico wanted the private keys for certificate revocation, though why don't they use crl is what I don't understand!
Related Rants
Trustico CEO emailed private key which is used to sign TLS certificates, making more than 23k certificates compromised!
This makes me think, that we should not trust others for our security (like ca), failure of CA can put our website at risk. What is the better way to do it?
https://arstechnica.com/information...
rant
https
fuck
tls
vulnerability