VALIDITY OF SSL CERTIFICATES IN QUESTION!

No surprise that SSL security certificate business is big business considering how highly SSL certificates are seen as securing web transactions against frauds. But as per new reports, not all SSL certificates are being configured correctly.

A new, still under-development study from a highly reputed security research firm is an attempt to draw a detailed picture of SSL deployments and their shortcomings. Out of the 119 million domain names that were scanned for this survey, it?s found that only 92 million were active, approximately 12.4 million domains failed to resolve properly, and 14.6 million failed to respond. Among the active domains, nearly 34 million responded to the scan on both port 80, for HTTP, and port 443, for HTTPS - SSL-secured websites. Digging further into the active sites, it was declared that only about 23 million of the sites were actually running SSL.

The research also showed that it was not always the case that the name on the SSL certificate matched the name of the domain on which the SSL certificate was being used. A high proportion of SSL certificates, thus, were found to be completely invalid.

An aggressive approach for detecting invalid SSL certificates by a reputed security research firm produced these unpleasant results. This wide-scale research to collect information on how the SSL certificates are deployed and configured focusing on the total number of .com, .net, .org, .biz, .us, and .info domains amounting to 119 million domain names was carried out with a virtual machine that took two days running 2,000 threads in parallel to scan those millions of domain names.