Articles I've written

Check TLS certificate revocation with SSL Labs, crt.sh and OpenSSL

Browsers mostly don't check whether a HTTPS certificate has been revoked so maybe you'd like to do it manually. There are a few ways how to query an Online Certificate Status Protocol (OCSP) server so let's see some of them. You'll need a browser (and the openssl tool).

(read more…)

Maximum HTTPS certificate lifetime to be 1 year soon

Earlier this week at the CA/Browser Forum in Bratislava, Slovakia (and later officially), Apple has announced that starting September 1st, maximum TLS certificate lifetime in Safari (and probably in the whole macOS and iOS and all apps) will be just 1 year, 398 days exactly. That's very good news. But why?

(read more…)

All articles