Vulnerability in Let’s Encrypt ACME TLS-SNI-01 Validation

An interesting read about how a vulnerability in Let’s Encrypt ACME TLS-SNI-01 validation led to being able to issue SSL certificates for any domain desired. Let’s Encrypt has Disabled ACME TLS-SNI-01 Validation for now. How I exploited ACME TLS-SNI-01 issuing Let’s Encrypt SSL-certs for any domain using shared hosting Click the link above to read the full…

Read More

New Digicert Root Intermediate Certificates For All Symantec SSL Products

Effective on December 1, 2017, all newly issued Symantec SSL certificates (including GeoTrust, RapidSSL, Thawte, and Symantec) will now use a new Digicert signed intermediate certificate. Digicert recently acquired the certificate business from Symantec. Symantec was penalized by Google due to security issues with regards to properly vetting SSL certificates in the past. Google Chrome…

Read More

TLS 1.0 PCI Deadline – June 30, 2018

The payment card industry (PCI) council has set a deadline of June 30, 2018 to no longer have support for TLS 1.0 (an insecure SSL Protocol). After this date, any website allowing TLS 1.0 and wanting to be PCI compliant will no longer be compliant. What is TLS? TLS is a security protocol that allows…

Read More

New Website and Testing System Live!

We’re excited to unveil the new Why No Padlock website and testing system! It’s been a long time in the works, but we’ve finally revamped the site and the technology behind it to bring you: improved testing better SSL error detection easier to understand reports more tests/checks for common issues Give it a try, and…

Read More