• English
• Japanese

• Home
• Products
• Download
• Support
• About
• Contact

Our Response to DigiNotar Problem

DigiNotar Problem

As already reported widely in IT media worldwide, this certification authority was compromised and made to issue hundreds of fraudulent digital certificates. Because of its huge impact on the digital certificate infrastructure, most browser vendors have decided to disable or remove DigiNotar's root CA certificate in their respective product. Mozilla.org's decision is explained on this blog post.

 

How Kousec Certificate Manager is Impacted by Incident

Like many software products, Kousec Certificate Manager has its own sets of trusted CA ceritificates, which can be fully administered by the user. Our product has a set of functionalities like definining multiple "trust sets", excluding particular root CA certificates, and building a trust set from scratch with very small number of trusted CA certificates. The install-time default of trust set in Kousec Certificate Manager version 1.1.0 and earlier had DigiNotar root CA certificates as trusted. Since version 1.1.1, this particular root CA is excluded and the install-time default list is synchronized with mozilla.org's latest trusted CA list.

 

Trust CA Sets are Fully Customizable

You can exclude or add any CA to a trusted CA set. Below is an example of excluding DigiNotar root CA certificate from the Default Trust set. (In version 1.1.1 and later, this particular CA is not in the list.)

• Open the Trusted CA Set screen
• Open the "Default-Trust" set
• In "System Defined CAs", look for a CA named "DigiNotar". When found, click the check box on the right of the row.
• Click button "Exclude Marked CAs"
• THIS STEP IS CRITICAL: click the "Go Back" button to the previous screen. Click the "Save and Merge CAs" buton.

 

Screenshot while editing System Defined CAs

 

 

Summary

• In version 1.1.1, Install-time default trusted CA system file (kcertmgr-install-default-v1_0.pem) is synchronized with latest mozilla.org CA list. You can also update or replace the default trusted CA system file with one from another source.
• In version 1.1.1, the product is enhanced so that in Trusted CA index screen, the time stamp of when the CA list file is last updated (merged) is shown.
• You can create any trust CA set in Kousec Certificate Manager to suit your requirements.

 

Download the Latest Software

Download Kousec Server Certificate Manager

 

More Information on Kousec Server Certificate Manager

Product Information Page

Top of the page

• Copyright 2009 Kousec Software, Inc. All right reserved.
• Site Map
• About
• Privacy Policy