Blunder By UK Business Trustico Threatens 23,000 Website Certificates

A blunder by UK business Trustico has resulted in drastic action from RapidSSL who are immediately 23,000 website certificates around the world. Trustico accidentally emailed out customers private keys, which are meant to be kept secret at all times, compromising the security of all websites affected. In retaliation RapidSSL have announced that all of their Trustico certificates will be revoked by the end of today and, unless they are replaced, will render their respective websites useless. Nick Hunter, Senior Technical Manager at Venafi commented below.

Nick Hunter, Senior Technical Manager at Venafi:

“Bad things are more likely to happen anytime organisation allows a third party to manage their private keys. Organisations need to perform immediate risk assessments of their key and certificate management program, from issuance to revocation – and this incident proves why. The only way to protect yourself from these kinds of situations is to control key generation yourself using an automated, centralized key management solution.”

Experts Comments

Stay Tuned! Our Information Security Experts Community is responding .....

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.