Strap in for this one: A bizarre mess in the world of security certificates has resulted in over 23,000 SSL certificates revoked in one fell swoop, accusations of malpractice and legal threats. As to why the conflict started in the first place, we don’t exactly know. Early Wednesday, thousands of customers began receiving emails from the security firm DigiCert saying their SSL certificates were being revoked because of a security compromise at Trustico. Trustico, a SSL reseller, quickly and emphatically denied that any compromise took place. In response, DigiCert began posting numerous private keys — after the impacted certificates were changed — as proof of compromise. Here’s the Wednesday morning email that started everything: @digicert can you please explain the email I received from rapidssl/digicert blaming @MrTrustico for the revocation of my certs in 24hrs due to them reporting a compromise of the private keys? Where’s the proof of the report/breach? Why are […]
The post Trustico revokes 23,000 SSL certificates due to compromise appeared first on Cyberscoop.
Continue reading Trustico revokes 23,000 SSL certificates due to compromise→