Lightboard Lessons: SSL Certificates Behaving Badly

In the world of secure websites, it's critical to maintain proper ownership of the certificate that helps protect your site.  Certificates hold the encryption keys that allow users to securely interact with your site.  When a certificate expires or changes ownership, it is important (and even required) that it be revoked and replaced with a new, updated certificate.  This ensures that the current owner of the certificate is the only one who can offer legitimate access to that specific website. 

Some really smart guys (Ian Foster and Dylan Ayrey) found what they have termed "Bygone SSL" where one person can hold a valid certificate for a website that someone else owns!  This interesting phenomenon is not necessarily a result of nefarious behavior, but rather the reality of how certificates work today.  In this video, John explains the issue and outlines the reason this is happening.  Enjoy!


 

Related Resources:

Published Oct 29, 2018
Version 1.0

Was this article helpful?

4 Comments

  • It's probably me, but the lightboard lessons are now requiring a Google Apps account to view.

     

  • It's probably me, but the lightboard lessons are now requiring a Google Apps account to view.

     

  • @rob_carr...interesting. I'm able to view them without the Google Apps account. Is it forcing you to use Google Apps only for the DevCentral Lightboards? Or, does it make you use it for all YouTube videos? Thanks for the feedback!