Rajesh Kannan

TLS has become a very visible issue on the Horizon root certificate file and now has executive-level focus.

This TLS issue will belong to the SSL certificate or any changes we need to update on our server. Please assist me on this on high priority.


Regards
Rajesh
Adam Brown

The only changes you need to make are to make sure the certificate you're using for TLS is signed with SHA2 or later and disable TLS 1.0 and all SSL versions. https://www.nartac.com/Products/IISCrypto has a utility that will help you disable the affected protocols. Only TLS 1.1 and 1.2 should be enabled on any Windows Server that hosts web pages.

You're not explaining things.

TLS stands for Transport Layer Security, which has really nothing to do with your certificate; TLS and the available encryption modes don't care about the certificate's hash algorithm, your key length or the key usage.

Use Nartac IIS Crypto to set the protocols, ciphers, hashes and key exchange algorithms.

If your certificate is SHA1 then you need to update it, since the SHA1 hash algorithm is deprecated, especially with web servers (browsers will flag it as not secure).
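
The two checks the answers above describe (server-side protocol state and the certificate's signature hash) can be audited directly on the Windows Server. This is an added example, not part of the original thread or of IIS Crypto; the function names are hypothetical, and it assumes the server certificate lives in the `LocalMachine\My` store.

```powershell
# Added example: audit SCHANNEL server protocols and certificate signature hashes.
# Read-only unless Disable-ServerProtocol is called explicitly.
$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$ShouldBeOff  = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0')          # per the answer above
$AllProtocols = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2')

function Get-ServerProtocolState {
    foreach ($name in $AllProtocols) {
        $key   = Join-Path $SchannelRoot "$name\Server"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # A missing key or value means the OS default applies, which varies by Windows version.
        $state = if ($null -eq $props -or $null -eq $props.Enabled) { 'OS default (not set)' }
                 elseif ($props.Enabled -eq 0) { 'Disabled' }
                 else { 'Enabled' }
        [pscustomobject]@{
            Protocol = $name
            State    = $state
            Review   = ($name -in $ShouldBeOff) -and ($state -ne 'Disabled')
        }
    }
}

function Disable-ServerProtocol([string]$Name) {
    # Writes the same Enabled/DisabledByDefault values a manual SCHANNEL change would.
    $key = Join-Path $SchannelRoot "$Name\Server"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name DisabledByDefault -Value 1 -PropertyType DWord -Force | Out-Null
}

function Get-Sha1SignedCertificate {
    # SignatureAlgorithm.FriendlyName is e.g. 'sha1RSA' or 'sha256RSA'.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.SignatureAlgorithm.FriendlyName -match 'sha1' } |
        Select-Object Subject, NotAfter,
            @{ n = 'Signature'; e = { $_.SignatureAlgorithm.FriendlyName } }
}

Get-ServerProtocolState   | Format-Table -AutoSize
Get-Sha1SignedCertificate | Format-Table -AutoSize

# To apply from an elevated prompt (takes effect after a reboot):
# $ShouldBeOff | ForEach-Object { Disable-ServerProtocol $_ }
```

Rows with `Review = True` are protocols the answer says to disable that are not explicitly turned off; any certificate listed by `Get-Sha1SignedCertificate` should be reissued with a SHA2 signature.
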
You're leaving out a huge amount of information required for people to assist you.

And, that said, it appears what you're saying is some company named Horizon holding the root cert in your issuer chain has been compromised.

If so, this is very simple to fix.

Use https://LetsEncrypt.org to generate all your certs, which are free + managed hands free on the command line.

When a company like Horizon is inept enough to have their certs compromised...

1) Likely best to avoid them forever, to skip any repeats.

2) If they don't fix this quickly, browsers will drop support for them + their certs will stop working anyway.

https://LetsEncrypt.org resolves both these issues.