https://www.xolphin.com/news/ en Mon, 20 Apr 2026 11:39:45 +0200 Xolphin 30 ... https://www.xolphin.com/news/Changes_related_to_Code_Signing_certificates Thu, 04 May 2023 15:09:17 +0200 In October last year it was announced that at the initiative of Apple, the validity term of S/MIME certificates would be limited to 2 years from April 1 this year.It now appears that the maximum permitted validity term is 3 years. This can be deduced from Apple's new guidelines for S/MIME certificates that will come into ... https://www.xolphin.com/news/Limitation_of_the_duration_of_SMIME_certificates_cancelled Thu, 03 Feb 2022 14:06:41 +0100 As of July 1, 2022, Sectigo will stop using the OU fields in its certificates. This change is the result of a policy change by the CA/Browserforum, which no longer allows the use of the OU field in its guidelines as of September 1, 2022. What is the OU field? OU stands for Organizational Unit, this is a field ... https://www.xolphin.com/news/OU_fields_deprecated_in_Sectigo_certificates_as_of_1_July Wed, 26 Jan 2022 14:26:42 +0100 After previous limitations in the validity term of SSL certificates, the validity term of e-mail or S/MIME certificates is now also limited to two years. S/MIME certificates are used for email signing and encryption, as well as for client authentication and signing Office documents. What exactly will change? Apple has announced a change in the term of ... https://www.xolphin.com/news/Limitation_validity_term_SMIME_certificates Wed, 27 Oct 2021 11:31:34 +0200 From now on you can request eIDAS Qualified Website Authentication Certificates, in short QWAC, from Xolphin. These SSL certificates provide very reliable authentication of natural persons and organizations. In addition to TLS encryption, QWACs provide optimal certainty that behind a website or server is a natural or legal person who can be identified with reliable information. The issuer of the ... https://www.xolphin.com/news/QWAC_now_also_available_at_Xolphin Wed, 27 Oct 2021 10:45:31 +0200 At the beginning of August this year, Logius, the ICT management organization of the Dutch government, announced that it would stop offering publicly trusted SSL certificates by this year. These certificates are used by government organizations, but also, for example, in healthcare and by energy companies and transporters, for website identification and setting up a secure TLS connection. What is ... https://www.xolphin.com/news/PKIoverheid_stops_issuing_publicly_trusted_SSL_certificates Tue, 05 Oct 2021 14:29:46 +0200 Changes to domain validation have been announced, which will take effect before the end of this year. This concerns changes in the file validation. This change is only relevant if you use file validation as the method for Domain Control Validation to request SSL certificates. What is Domain Control Validation? Domain Control Validation (DCV) is the process by which a ... https://www.xolphin.com/news/Changes_in_Domain_Control_Validation_procedure Wed, 01 Sep 2021 14:29:51 +0200 Following the previous changes to the display of HTTPS in Chrome and other browsers, Google is now going a step further in Chrome: phasing out the well-known padlock in the address bar on secure websites. What is the cause? A secure HTTPS connection is now indicated in all browsers by a lock icon in the address bar. Research by ... https://www.xolphin.com/news/Google_starts_experimenting_with_removing_padlock_in_Chrome_browser Wed, 11 Aug 2021 14:48:50 +0200 The CA / Browser forum has tightened the requirements for code signing certificates. From June 1, 2021, a minimum key size of 3072 bits is required. At the moment the minimum key size is 2048 bits. The reason for this is to improve security in order to be better prepared for future technological progress that enables extra computing power. In this ... https://www.xolphin.com/news/Increased_key_length_code_signing_certificates_from_June_1 Fri, 07 May 2021 09:51:17 +0200 In OpenSSL, frequently used software for setting up HTTPS connections, two vulnerabilities have recently been found that can lead to reduced accessibility of websites. Do you use OpenSSL? Check your OpenSSL version so that you can update quickly if necessary. What exactly is going on? An example proof-of-concept exploit was published on the widely used platform Github at ... https://www.xolphin.com/news/Vulnerabilities_found_in_OpenSSL Thu, 01 Apr 2021 14:52:45 +0200 Recently, the Dutch National Cyber ​​Security Center (NCSC) has adjusted its security guidelines, among other things with the advice to switch to the TLS 1.3 encryption protocol. This protocol is more resistant to (future) attack techniques and is also easier to configure securely than its predecessor TLS 1.2. Encryption protocols are used to set up a ... https://www.xolphin.com/news/Transition_to_TLS_1.3 Wed, 27 Jan 2021 16:32:40 +0100 Last year Sectigo introduced the Web Security Platform, a solution that protects websites against almost all online threats. From now on, the Sectigo Web Security Platform is also available via Xolphin. This extensive and automated security platform offers you a fully customized web security package - both with and without an SSL certificate. Wat is the Sectigo Web Security Platform? The ... https://www.xolphin.com/news/Sectigo_Web_Security_Platform_available_now Tue, 19 Jan 2021 12:52:34 +0100 By Maarten Bremer, Xolphin founder Today marks a major milestone for Xolphin as we announce that we have been acquired by our long-standing partner and the world's leading Certificate Authority (CA), Sectigo. We have enjoyed a successful partnership with Sectigo for nearly 20 years. Together, we have made this strategic move to continue building on our two companies' ... https://www.xolphin.com/news/A_New_Chapter_for_Xolphin Wed, 02 Dec 2020 14:01:10 +0100 From now on you can request SSL certificates from Sectigo on a subscription basis. With Subscription SSL you can enjoy the benefits of an SSL certificate with a longer validity period, despite the industry-wide limitation of the maximum validity period. Limitation of validity period As announced earlier this year, most browsers will no longer accept SSL certificates with a ... https://www.xolphin.com/news/Subscription_SSL_allows_longer_validity_period Tue, 08 Sep 2020 13:15:44 +0200 As previously announced, the validity period of SSL certificates will be further limited to 1 year as of September 1st, 2020. Apple was the first browser to announce that as of September 1st, 2020, it will limit the term of accepted SSL certificates to 398 days. Recently, Google and Mozilla also announced that they will no longer accept newly issued ... https://www.xolphin.com/news/Limitation_of_SSL_validity_to_1_year_is_near Tue, 14 Jul 2020 09:34:48 +0200 As previously announced, the Sectigo AddTrust External CA Root certificate expired on May 30, 2020. Because all Sectigo certificates have been cross-signed with the newer UserTrust RSA Certification Authority root for some time now, this change only has consequences when using outdated systems. What is the cause? SSL certificates are signed by a root certificate from a CA, such ... https://www.xolphin.com/news/Sectigo_AddTrust_External_CA_Root_has_expired Sun, 31 May 2020 15:10:34 +0200 In November 2017, it was announced that Symantec had sold its SSL division to DigiCert. From that moment on, all Symantec brands, namely Symantec, Thawte, GeoTrust and RapidSSL, were covered by DigiCert. These brands have been issued by DigiCert since 2017. Now they go a step further: the Symantec SSL brand becomes DigiCert SSL as of April 30, 2020. The ... https://www.xolphin.com/news/Symantec_SSL_continues_as_DigiCert_SSL_after_April_30 Thu, 30 Apr 2020 17:03:16 +0200 The year 2018 was a turning point for the use of SSL, with HTTPS becoming the standard. This trend has continued - In October 2019 no less than 94% of all visited web pages in Chrome were loaded on all platforms via HTTPS. Next to positive, these developments also have unintended negative consequences that grow steadily. What else happened in 2019, ... https://www.xolphin.com/news/HTTPS_growth_continues_and_changes_in_browser_display Mon, 30 Mar 2020 16:28:59 +0200 At the end of 2018, Mozilla and Google announced to phase out support for the outdated encryption protocols TLS 1.0 and TLS 1.1. by early 2020. However, due to the current situation with COVID-19 (Corona), they have decided to postpone the phasing out of TLS 1.0 and 1.1 in Firefox and Chrome for the time ... https://www.xolphin.com/news/Phasing_out_TLS_1.0_and_TLS_1.1_in_Chrome_and_Firefox_postponed Mon, 30 Mar 2020 12:05:07 +0200 Apple is going to limit the allowed validity of SSL certificates to a maximum of 13 months. From September 1, 2020, certificates with a duration of more than 13 months are no longer supported in the Safari browser. Chances are that other browsers will also start applying this measure, despite the fact that a proposal for an industry-wide change ... https://www.xolphin.com/news/Apple_takes_the_lead_in_limiting_the_duration_of_SSL Tue, 25 Feb 2020 13:19:05 +0100 It has recently become known that a number of Sectigo EV certificates contain information that is not allowed. These certificates must be replaced at very short notice in order to remain trusted by browsers. This development has no impact on the safety of the affected certificates, but it does mean that many organisations have to replace their certificates very quickly ... https://www.xolphin.com/news/Replacement_of_Sectigo_EV_certificates Tue, 21 Jan 2020 13:19:40 +0100 As of December 15, 2019, Sectigo will change the use of OU fields for all new Sectigo certificates. From this date, it is no longer permitted to include non-organization-related information in an OU field. What is the OU-field? OU stands for Organizational Unit, this is a field in the Subject information in an SSL certificate. The Subject ... https://www.xolphin.com/news/Change_in_use_of_OU-fields_in_Sectigo_certificates Thu, 19 Dec 2019 16:33:30 +0100 A lot is happening with regard to the display of HTTP and HTTPS by the different browsers. They are working on improving the recognisability of secure websites and the strive to HTTPS by default for some time now. Warnings for HTTP become more serious From version 70, the widely used web browser Mozilla Firefox will mark all webpages without HTTPS ... https://www.xolphin.com/news/Browsers_alter_the_display_and_notifications_for_SSL_certificates Thu, 15 Aug 2019 12:27:11 +0200 The Sectigo timestamping certificate expires on July 9, 2019, and has been replaced. After this date Java-code signed with this certificate will cause warnings. These warnings can be resolved by signing and timestamping the code again. What are the consequences? The expiry of the timestamping certificate only has consequences for Java-code signed before March 4, 2019. This may ... https://www.xolphin.com/news/Resign_Java_code_by_expired_Sectigo_timestamping_certificate Wed, 22 May 2019 17:14:18 +0200 Many developments have happened in the international SSL market as well as at Xolphin. 2018 was a turning point for the use of SSL: for the first time ever, there are more secure websites than insecure websites. Early last year, a large increase of HTTPS use was expected, leading to secure connections being the new standard. One year later, this ... https://www.xolphin.com/news/Expected_increase_of_HTTPS_in_2018_realized Tue, 22 Jan 2019 14:38:57 +0100 From November 1st, Comodo CA is called Sectigo. This applies to the company name, but also to all brand- and productnames. To ensure a smooth transition, the coming year 'Sectigo, formerly known as Comodo CA', will be used. Why this change? Last year Comodo's certificate division was acquired by Fransisco partners. Since then, the certificate division is called Comodo ... https://www.xolphin.com/news/Comodo_CA_continues_as_Sectigo Wed, 31 Oct 2018 13:46:00 +0100 Apple, Microsoft and Google announced they will cease support of the encryption protocols TLS 1.0 and 1.1 from early 2020.  Because the use of these protocols for setting up a secure connection is minimal, the impact will probably be low. What will change exactly? From early 2020 the internet protocols TLS 1.0 and 1.1 won’... https://www.xolphin.com/news/End_support_for_TLS_1.0_and_TLS_1.1 Fri, 19 Oct 2018 12:46:39 +0200 As previously communicated, the browsers slowly cease their trust in Symantec SSL certificates. For all Symantec, Thawte and GeoTrust certificates issued before 1 December 2017, the final exchange deadline of 23 October is now approaching fast. You can renew your certificates free of charge so that they remain trusted by the browsers. What's the planning? Google Chrome ceases trust ... https://www.xolphin.com/news/Final_exchange_deadline_Symantec,_Thawte_and_GeoTrust_certificates_approaches_fast Tue, 25 Sep 2018 12:37:19 +0200 The popular Google Chrome browser version 68 was released at the end of July. From this version, all websites without an HTTPS connection show an 'unsafe' message informing visitors that the connection is not secure - a change that can have a lot of impact when we look at the current situation.   Warning becomes more serious This change is a ... https://www.xolphin.com/news/Chrome_now_warns_for_all_unsecured_websites Thu, 16 Aug 2018 15:16:43 +0200 From early 2017 Chrome shows a green ‘Secure’ notification for all websites that have an HTTPS connection. They recently announced that this notification will not be shown anymore as of September this year. By then, only EV certificates will show a positive indicator. Research from the Dutch news organisation NOS shows that the current notifications cause confusion and that ... https://www.xolphin.com/news/Chrome_removes_secure_notification Wed, 06 Jun 2018 13:48:01 +0200 On May 25th, 2018 the new European privacy law takes effect,  called the General Data Protection Regulation (GDPR). Exactly what will change for you as a customer, and in terms of SSL? Why this new law? A lot has been written about it: the GDPR, which replaces the seperate national Data Protection laws from all European member states based ... https://www.xolphin.com/news/Changes_caused_by_new_European_privacy_law Thu, 17 May 2018 16:53:36 +0200 Researchers have found a vulnerability in the most common techniques for email encryption: PGP and S/MIME. This announcement was published under the name EFAIL. You can continue to use S/MIME for encrypted email, but it is advisable to adjust a number of settings in your email software and to update as soon as possible. What does the vulnerability ... https://www.xolphin.com/news/Vulnerability_found_in_email_encryption_technique Mon, 14 May 2018 17:12:24 +0200 From now on it is prohibited to alter company data in a Comodo certificate after issuance. Comodo applied this policy change to all Comodo certificates. Why these changes? For altering certificate data, re-validation and issuance of a certificate is necessary. Limiting these options will reduce the chance for errors, and should result in a faster issuance process and enhanced ... https://www.xolphin.com/news/Altering_company_data_not_allowed_anymore_in_Comodo_certificates Fri, 23 Mar 2018 16:15:30 +0100 In recent years the Xolphin team has expanded considerably. That is why, after months of hard work, we are moving to a new office in Alkmaar per monday, March 26th. Why are we moving? From the start in 2002 Xolphin has grown steadily. Due to our focus on fast, high quality and multilingual service and the growing demand for SSL ... https://www.xolphin.com/news/Xolphin_moves_to_Alkmaar Fri, 23 Mar 2018 16:04:12 +0100 Google announced that Chrome version 68, expected by July 2018, will display all websites without an SSL certificate as insecure. What will change, exactly? From July this year, Google Chrome will no longer mark a page as insecure based on whether it contains input fields or not. Instead, a warning will be displayed on all pages that do not use ... https://www.xolphin.com/news/Chrome_will_mark_all_sites_without_HTTPS_as_not_secure_from_July Fri, 09 Feb 2018 13:31:19 +0100 In 2017, we’ve put a lot of effort into renewing Xolphin’s ISO 27001:2013 and WebTrust certification, as well as achieving the ISO 9001:2015 certification. We are glad to announce that we received all three certifications from Ernst & Young on December, 14. What are ISO certifications? ISO 27001:2013 is the international ISO standard for information ... https://www.xolphin.com/news/ISO_certification_renewed_and_extended_with_9001_and_WebTrust Wed, 31 Jan 2018 13:07:51 +0100 The guidelines for issuing SSL certificates will be tightened from March 1. From this date onwards, the CA / Browser forum allows a maximum validity period of 825 days (approximately 27 months) for all SSL certificates. Applying for certificates with a longer duration is no longer possible from that time. What does this mean for new applications? This change applies to ... https://www.xolphin.com/news/Maximum_validity_period_SSL_certificates_becomes_2_years Fri, 19 Jan 2018 14:53:52 +0100 Since December 2017 SSL certificates from Symantec, GeoTrust and Thawte are being issued by DigiCert. Due to the deadlines set by browsers, millions of certificates worldwide have to be validated and issued again. As a result, the delivery time of Symantec, GeoTrust and Thawte certificates is currently longer than usual. All Symantec, GeoTrust and Thawte certificates issued before the 1st ... https://www.xolphin.com/news/Delayed_delivery_of_Symantec,_GeoTrust_and_Thawte_SSL_certificates Wed, 13 Dec 2017 17:32:01 +0100 Today, Fransisco Partners announced they have purchased a share in Comodo Group’s Certificate Authority division. Comodo products and brands will remain maintained. What has changed exactly? Comodo has sold a majority share of their certificate division to US-based technology investment firm Francisco Partners. Comodo’s Certificate Authority division will operate independently to expand and optimize their SSL certificate ... https://www.xolphin.com/news/Investment_firm_purchases_majority_stock_in_Comodo_certificate_division Tue, 31 Oct 2017 17:20:20 +0100 Google Chrome has increased the warnings shown to users when visiting insecure HTTP websites without an SSL certificate as of version 62. Chrome has been showing such warnings since January 2017 for fields related to passwords, credit card data and the like. In the new version, Chrome shows this warning for any insecure field. Which warnings were already shown? Starting ... https://www.xolphin.com/news/Google_Chrome_intensifies_warnings_for_insecure_HTTP_websites Tue, 24 Oct 2017 11:26:01 +0200 On September 11th 2017 - Google published their final plan for the discontinuation of the support of Symantec SSL certificates, in which they also mentioned the role of DigiCert. The issue between Symantec and Google Due to several incidents with Symantec certificates over the last few years, Google has lost trust in Symantec’s PKI infrastructure. The aim of the following ... https://www.xolphin.com/news/Google_Chrome_timeline_for_Symantec_SSL_discontinuation Mon, 09 Oct 2017 12:26:53 +0200 Late March 2017 Google announced their plan to take measures against Symantec, which would lead to a lot of issues for the support of Symantec certificates in Google Chrome. Following this announcement, both parties created various proposals on how to solve the situation. Google just announced their final proposal regarding the support of Symantec certificates in Google Chrome. In reaction ... https://www.xolphin.com/news/Google_discontinues_supporting_Symantec_certificates,_Symantec_sells_SSL_division_to_DigiCert Thu, 03 Aug 2017 17:27:52 +0200 The CA/Browser Forum has specified new rules for domain validation, which will affect the way domain control is checked before issuing certificates. Comodo announced the implementation of these rules at short notice - they will be implemented by July 20th 2017. The adjustments will primarly affect the alternative validation methods CNAME and file validation. These adjusted CA/B Guideliness will ... https://www.xolphin.com/news/Comodo_changes_domain_validation Thu, 29 Jun 2017 16:51:43 +0200 Last March, Google announced to take measures against Symantec, affecting SSL certificates issued by Symantec in Google Chrome. On May 19, a collective proposal has been published, reducing risk for users of Symantec certificates as well as retaining Google Chrome users’ safety. Since the end of May, many conversations have been held regarding the proposals. The entire discussion can ... https://www.xolphin.com/news/Google_and_Symantec_approaching_a_resolution Wed, 07 Jun 2017 14:46:36 +0200 Xolphin has new general terms, which replace the old general terms. What has changed? The previous terms were outdated and have been entirely rewritten. The new terms are more readable and explanations about new products like vulnerability scans have been added. The terms and conditions are available in multiple languages and can be downloaded in PDF easily. There is also ... https://www.xolphin.com/news/New_General_Terms Wed, 07 Jun 2017 14:33:23 +0200 Since thursday night the 11th of May, Comodo suffered from a serious database disruption for quite some time, which made it impossible the execute their CA activities. Due to this they weren’t able to process Comodo requests. By now the disruption has been resolved and the work resumed. What was going on? Comodo uses a database, located in multiple, ... https://www.xolphin.com/news/Problem_with_issuance_of_certificates_due_to_disruption_at_Comodo_resolved Fri, 12 May 2017 09:55:04 +0200 In response to recent incidents at Symantec, Google has announced they will be taking measures affecting certificates issued by Symantec. They have announced plans to stop showing Symantec Extended Validation certificates as Extended Validation as well as adjusting the validity period for Symantec certificates. What happened at Symantec? In the past months, it has become known that Symantec issued ... https://www.xolphin.com/news/Google_announces_measures_against_Symantec Fri, 24 Mar 2017 10:35:41 +0100 SHA-1 certificates vulnerable to impersonation in theory is nothing new. Back in 2014, shifting to the new SHA-2 algorithm was already being encouraged. Today, a Dutch researcher cracked SHA-1 in practice. What does this mean? After years of research, Dutch researcher Marc Stevens from CWI Amsterdam (Research Institute for Mathematics and Computer Science) cracked the SHA-1 ... https://www.xolphin.com/news/Vulnerability_in_SHA-1_proven Thu, 23 Feb 2017 17:35:38 +0100 Google recently announced they will make Certificate Transparency mandatory from October 2017. SSL certificates issued after this date have to comply to the Certificate Transparancy demands, otherwise they will be displayed as untrustworthy. What is Certificate Transparency? Certificate Transparency is an open source system that registers SSL certificates and was developed by Google since 2013. In the classic PKI model ... https://www.xolphin.com/news/Google_requires_Certificate_Transparency Tue, 13 Dec 2016 15:15:34 +0100 Problems arose today with GlobalSign’s SSL certificates. Visitors of websites secured with GlobalSign certificates may see incorrect errors informing them that the certificates have been revoked. Background The problem is caused by the fact that GlobalSign changed the way their root certificates are signed. By removing a connection between two of these root certificates, browsers see this as the ... https://www.xolphin.com/news/Problems_with_GlobalSign_certificates Thu, 13 Oct 2016 21:16:54 +0200 Google has announced that it will be marking websites that process sensitive information without HTTPS as “non-secure” in Chrome from January 2017. This is part of Google’s goal to adopt HTTPS as the new standard. What will change, exactly? The security indicators have already been updated in the current version of Chrome, version 53, in order to ... https://www.xolphin.com/news/Google_will_label_HTTP_sites_as_non-secure_from_January Fri, 09 Sep 2016 12:33:58 +0200 Research has shown that the current security indicators used by browsers to warn visitors against non-secure websites are not clear enough. Google will therefore introduce new icons for its Chrome browser. Chrome user statistics revealed that visitors did not respond (enough) to warnings. Warning the visitor against unreliable or non-secure websites is pointless if visitors do not understand ... https://www.xolphin.com/news/Google_changes_icons_in_Chrome Wed, 07 Sep 2016 15:05:30 +0200 The Xolphin SSL Module for WHMCS makes it easy to sell, request and manage all types and brands of SSL certificates directly from WHMCS. The module is now available free of charge to all Xolphin resellers! What is WHMCS? WHMCS is a commonly used all-in-one tool for client management, invoicing and support for online organisations. WHMCS allows you ... https://www.xolphin.com/news/WHMCS_module_now_available Mon, 29 Aug 2016 13:35:27 +0200 To easily request and manage SSL certificates, you can use an API. In addition to the existing SOAP API, we now also offer a REST API and a Comodo API. You can also use webhooks to automatically report application status updates. Advantages of an API The major advantage of an API is that you can use it to order certificates ... https://www.xolphin.com/news/Xolphin_SOAP_API_moved_and_expanded_with_REST_and_Comodo_API Fri, 15 Jan 2016 11:44:37 +0100 Google Chrome has announced that it will stop supporting the hashing algorithm SHA-1. SHA-2 is the follow-up to SHA-1 and set to become the new standard, since SHA-1 certificates are no longer considered to be secure. Google, Microsoft and Mozilla want to block SHA-1 from January 2017 at the latest, although they are considering ... https://www.xolphin.com/news/Browsers_impose_transition_to_SHA-2 Thu, 14 Jan 2016 16:05:03 +0100 Onderzoekers hebben een nieuwe kwetsbaarheid gevonden in het SSL protocol, de zogenaamde FREAK-bug. Hoewel deze bug al jarenlang aanwezig is, is hij pas zeer recent ontdekt. Aanvankelijk zouden met name producten en software van Apple en Google kwetsbaar zijn vanwege het gebruik van oudere versies van OpenSSL. Inmiddels blijken ook Windows PC's en alle browsers behalve Firefox kwetsbaar ... https://www.xolphin.com/news/FREAK_beveiligingslek_in_OpenSSL Wed, 04 Mar 2015 15:07:53 +0100