News

Current CA / B Forum approved regulations state that certifying authorities must ensure that requests for SSL certificates received either from domain owners themselves or from those who is in charge of managing this domain. Generally, domain name verification done by creating a DNS TXT record with a specific value or by loading code to a specific location of the site. This confirms the fact of domain ownership.

In some cases, such as when SSL certificate not correctly installed on the server, following warning message will appear in the browser: an error has occurred while connecting to www.site.com. SSL received a weak ephemeral key Diffie-Hellman in the handshake message "Exchange keys server." (Error code: ssl_error_weak_server_ephemeral_dh_key).

Fraudsters attacked bank users by finding vulnerabilities in the security system of one of the largest Brazilian banks. Hackers were using Let's Encrypt certificates to create phishing website clones.

As of 2018 a new requirement of the CA/B Forum will be applied: the maximum validity period of SSL-certificates will be limited to 24 months. CA/B Forum is an industry regulation body that creates and adopts rules related to the procedures of issuance and verification of SSL certificates.

Google Chrome developers after recent investigation concerning Symantec issued SSL certificates have come to a conclusion that Symantec mis-issued over 30000 certificates in a past few years.