sunhux
asked on
Symantec SSL cert's risk & remediation
Q1:
Is the following a valid risk & any CVSS rating assigned to it?:
Symantec SSL certificates are rated by Google & Mozilla as risky & recommends to deprecate them prematurely even before its expiry; URL:
https://blog.qualys.com/ssllabs/2017/09/26/google-and-mozilla-deprecating-existing-symantec-certificates
Q2:
Which other vendors' SSL certs would you recommend to replace Symantec's?
Q3:
if we don't replace, what are the mitigating controls we can put in place?
Can it wait till Oct 2018 to remediate?
Is the following a valid risk & any CVSS rating assigned to it?:
Symantec SSL certificates are rated by Google & Mozilla as risky & recommends to deprecate them prematurely even before its expiry; URL:
https://blog.qualys.com/ssllabs/2017/09/26/google-and-mozilla-deprecating-existing-symantec-certificates
Q2:
Which other vendors' SSL certs would you recommend to replace Symantec's?
Q3:
if we don't replace, what are the mitigating controls we can put in place?
Can it wait till Oct 2018 to remediate?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@kevinhsieh I don;t follow what you are saying about letsencrypt, >99.99% of browser users do not check who issued the certificate, justthat there _is_ a certificate, I certainly don't follow what you mean by "scammers".
For author advice