by Crosseye_Jack 3560 days ago
> issuing a SHA-1 certificate to a payment processor that failed to upgrade their systems in time

It's ok, it's just a temp workaround... /s - https://tyro.com/blog/merchant-security-is-tyros-priority/

Tyro don't say when they got their SHA-1 cert from StartCom, but say they needed this workaround because some of their customers still ran POS software on old operating systems such as Windows XP SP2, and that "internet security standards are moving faster than typical small merchants upgrade their systems."

> "We reached out in good faith to certificate authorities to provide a few months runway to resolve this big challenge in a way that had minimal impact on merchants."...

To me this would be ringing so many alarm bells: why would my current CA tell me they cannot issue a SHA-1 cert but StartCom say they can? (I believe they got issued the SHA-1 cert after the cutoff because of the details in the document Mozilla have supplied, and that we are no longer a few months into 2016, so their need for a "few months runway" was way off.) Yes, it would mean my customers' POS systems would still function, but I sure as hell would be asking questions about its issuance.

EDIT: Tyro have removed their StartCom SHA-1 cert from https://iclient.tyro.com/ and it's now supplying a RapidSSL cert issued in May of this year, but yesterday they were serving a StartCom SHA-1 cert on their iclient subdomain.