Hacker News with Generative AI: Certificates

Six day and IP address certificate options in 2025 (letsencrypt.org)
This year we will continue to pursue our commitment to improving the security of the Web PKI by introducing the option to get certificates with six-day lifetimes (“short-lived certificates”). We will also add support for IP addresses in addition to domain names. Our longer-lived certificates, which currently have a lifetime of 90 days, will continue to be available alongside our six-day offering.

Security, Web PKI, Certificates, Domain Names, IP Addresses

185 points by SGran 2 days ago | 145 comments

Certificate Profile Selection (Let's Encrypt) (letsencrypt.org)
We are excited to announce a new extension to Let’s Encrypt’s implementation of the ACME protocol that we are calling “profile selection.” This new feature will allow site operators and ACME clients to opt in to the next evolution of Let’s Encrypt.

Security, Web Development, Certificates, Let's Encrypt, ACME Protocol

9 points by soheilpro 8 days ago | 0 comments

Let's Encrypt to end OCSP support in 2025 (scotthelme.co.uk)
Well, the writing has been on the wall for some years now, arguably over a decade, but the time has finally come where the largest CA in the World is going to drop support for the Online Certificate Status Protocol.

Security, Certificates

25 points by janandonly 15 days ago | 8 comments

Short-Lived Certificates Coming to Let's Encrypt (schneier.com)

Security, Let's Encrypt, Certificates

6 points by gnabgib 32 days ago | 0 comments

Let's Encrypt: 2024 Annual Report [pdf] (abetterinternet.org)

Security, Cybersecurity, Nonprofit, Certificates

10 points by dfern 37 days ago | 1 comments

ICP-Brasil: Mis-issued certificate (mozilla.org)
ICP-Brasil: Mis-issued certificate

Security, Certificates, Brazil

61 points by cipherboy 47 days ago | 3 comments

A Brazilian CA trusted only by Microsoft has issued a certificate for google.com (agwa.name)

Security, Google, Certificates, Brazil

482 points by sanqui 48 days ago | 215 comments

Just want simple TLS for your .internal network? (github.com/nh2)
Safely shareable TLS root CA for .internal networks using Name Constraints

Security, .NET, Networks, TLS, Certificates

245 points by nh2 92 days ago | 141 comments

Avoiding downtime: modern alternatives to outdated certificate pinning practices (cloudflare.com)
In today’s world, technology is quickly evolving and some practices that were once considered the gold standard are quickly becoming outdated.

Security, Web Development, Best Practices, Cloud Computing, Certificates

45 points by cpach 111 days ago | 36 comments

iOS 18 breaks IMAPS self-signed certs (apple.com)

iOS, Security, Email, Certificates

118 points by mmd45 121 days ago | 148 comments

Nvd.nist.gov cert expired yesterday and uses HSTS (nist.gov)

Security, Websites, Certificates

15 points by SuperSandro2000 138 days ago | 8 comments

All I Know About Certificates – Certificate Authority (pixelstech.net)

Security, Certificates, Technology, Digital Certificates

139 points by thunderbong 172 days ago | 26 comments

DigiCert Revocation Incident (CNAME Domain Validation) (digicert.com)