How do I know my secure certificate is safe from vulnerabilities?
Our Certificate Authority validates the identity of an entity purchasing an SSL certificate. The Certificate Authority does so by validating documentation provided by the requestor. The Certificate Authority then digitally signs the certificate using a hash function.
A hash function, when combined with the certificate, creates a standard length digital signature that should be unique. Three common hash functions are MD5, MD2, and SHA-1. With the MD5 and MD2 functions, individuals with the appropriate knowledge and computing power can recreate another digital signature to match the original. If this happens, an unsuspecting user could unknowingly be redirected to another site.
Most Certificate Authorities realize the weakness in MD5 and MD2 and use the hash function called SHA-1 which, to date, no one has been able to break. As a user, you should be suspect of SSL enabled sites that use MD5 or MD2.
As a further security measure, we do not allow null bytes in common names and manually review all requests containing either "\" or "/" to prevent misuse.
To determine what type of SSL certificate a site is using, see Determining the type of SSL certificate a website is using.