Hacker News with Generative AI: Certificates

The Slow Death of OCSP (feistyduck.com)
Everybody is talking about OCSP now because, just last month, at the end of 2024, Let’s Encrypt announced it was going to stop supporting online certificate revocation checking.
Security, Certificates, Internet Security
65 points by speckx 2 days ago | 12 comments
Honest Ahmed (2011) (mozilla.org)
This is a request to add the CA root certificate for Honest Achmed's Used Cars and Certificates. The requested information as per the CA information checklist is as follows:
Security, Certificates, Root Certificates
110 points by bitneuker 14 days ago | 46 comments
Six day and IP address certificate options in 2025 (letsencrypt.org)
This year we will continue to pursue our commitment to improving the security of the Web PKI by introducing the option to get certificates with six-day lifetimes (“short-lived certificates”). We will also add support for IP addresses in addition to domain names. Our longer-lived certificates, which currently have a lifetime of 90 days, will continue to be available alongside our six-day offering.
Security, Web PKI, Certificates, Domain Names, IP Addresses
197 points by SGran 16 days ago | 158 comments
Certificate Profile Selection (Let's Encrypt) (letsencrypt.org)
We are excited to announce a new extension to Let’s Encrypt’s implementation of the ACME protocol that we are calling “profile selection.” This new feature will allow site operators and ACME clients to opt in to the next evolution of Let’s Encrypt.
Security, Web Development, Certificates, Let's Encrypt, ACME Protocol
9 points by soheilpro 23 days ago | 0 comments
Let's Encrypt to end OCSP support in 2025 (scotthelme.co.uk)
Well, the writing has been on the wall for some years now, arguably over a decade, but the time has finally come where the largest CA in the World is going to drop support for the Online Certificate Status Protocol.
Security, Certificates
25 points by janandonly 29 days ago | 8 comments
Short-Lived Certificates Coming to Let's Encrypt (schneier.com)
Security, Let's Encrypt, Certificates
6 points by gnabgib 46 days ago | 0 comments
Let's Encrypt: 2024 Annual Report [pdf] (abetterinternet.org)
Security, Cybersecurity, Nonprofit, Certificates
10 points by dfern 52 days ago | 1 comments
ICP-Brasil: Mis-issued certificate (mozilla.org)
ICP-Brasil: Mis-issued certificate
Security, Certificates, Brazil
61 points by cipherboy 61 days ago | 3 comments
A Brazilian CA trusted only by Microsoft has issued a certificate for google.com (agwa.name)
Security, Google, Certificates, Brazil
482 points by sanqui 62 days ago | 215 comments
Just want simple TLS for your .internal network? (github.com/nh2)
Safely shareable TLS root CA for .internal networks using Name Constraints
Security, .NET, Networks, TLS, Certificates
245 points by nh2 106 days ago | 141 comments
Avoiding downtime: modern alternatives to outdated certificate pinning practices (cloudflare.com)
In today’s world, technology is quickly evolving and some practices that were once considered the gold standard are quickly becoming outdated.
Security, Web Development, Best Practices, Cloud Computing, Certificates
45 points by cpach 125 days ago | 36 comments
iOS 18 breaks IMAPS self-signed certs (apple.com)
iOS, Security, Email, Certificates
118 points by mmd45 136 days ago | 148 comments
Nvd.nist.gov cert expired yesterday and uses HSTS (nist.gov)
Security, Websites, Certificates
15 points by SuperSandro2000 152 days ago | 8 comments
All I Know About Certificates – Certificate Authority (pixelstech.net)
Security, Certificates, Technology, Digital Certificates
139 points by thunderbong 186 days ago | 26 comments
DigiCert Revocation Incident (CNAME Domain Validation) (digicert.com)
Security, Domain Validation, Certificates, Cybersecurity
141 points by vitaliyf 186 days ago | 49 comments
Intent to end OCSP service (letsencrypt.org)
Security, Internet Security, Certificates, SSL/TLS
415 points by soheilpro 193 days ago | 143 comments
Telekom Security: Revocation delay for TLS certificates (mozilla.org)
Security, TLS, Certificates
54 points by MaKey 197 days ago | 15 comments
Telekom Security: Revocation delay for TLS certificates (mozilla.org)
Security, TLS, Certificates
7 points by asimops 197 days ago | 0 comments
Letsencrypt Supports Wildcard Certificates (letsencrypt.org)
Security, Certificates, Domain Names, Web Development, Internet
52 points by metadat 199 days ago | 19 comments
Microsoft forgot to renew their Office CDN certificate (reddit.com)
Microsoft, Security, Certificates, Software
57 points by 4ggr0 218 days ago | 19 comments
Entrust Certificate Distrust (googleblog.com)
Security, Cryptography, Certificates, Trust
278 points by iancarroll 219 days ago | 111 comments
Build a tiny certificate authority for your homelab (smallstep.com)
Homelab, Security, Cryptography, Certificates
11 points by fanf2 261 days ago | 1 comments
We ensure Cloudflare customers aren't affected by LE's certificate chain change (cloudflare.com)
Security, Cloudflare, Internet Security, Certificates, Let's Encrypt
36 points by stanleydrew 293 days ago | 16 comments