Send a request

and we will call back to you soon

*fields are required



Notice of the office-working schedule during the Christmas holiday’s season

Dear LeaderTelecom customers, on behalf of all of our employees we warmly congratulate you with a long-awaited happy holidays – Christmas and New Year.

Please kindly note the following working schedule in our office:

  • December 25, 26 – closed;
  • January 1 – closed;

Let all the adversities pass by your house! Prosperity to you and good luck in the upcoming 2018!

Sincerely, LeaderTelecom.   


Google plans to remove support for HTTP Public Key Pinning (HPKP)

HTTP Public Key Pinning (HPKP) is a security standard that forces browsers to accept only certain "pinned" public keys when visiting a host for a fixed period of time. This feature was introduced by Google in 2015. However, it never gained popularity.

Chris Palmer wrote in the Chromium blog post that HPKP is dead. Google plans to remove support for HPKP. This is likely to take place in the release of Chrome 67 (planned release next May). Among the larger browsers, full support for HPKP has only been available in Chrome and Opera. Firefox started but never completed the deployment of HPKP support, and Apple and Microsoft never even began.

Chrome developers also plan to completely remove support for embedded PKP ("static pins"). This will be carried out by the time Chrome requires the implementation of Certificate Transparency for all public certificates. So far, no specific dates have been set for this decision.

Why did Google decide to abandon HPKP?

It all boils down to the fact that HPKP is an inconvenient way to perform several actions that are already perfectly implemented with the help of other mechanisms or protocols.

HPKP problems are as follows:

  • It is difficult to configure a set of pins that will be guaranteed to work, because all CAs and trust stores work differently.
  • There is a risk that the site will be disabled (due to the creation of an incorrect set of pins).
  • There is a risk of pinning an incorrect certificate: one that was issued by intruders.

According to Palmer, to protect against issuing incorrect certificates, web developers should use the Expect-CT header with its reporting capabilities. Expect-CT is more secure than HPKP, because you can recover from any configuration errors. Plus, Expect-CT has built-in support from many CA.

Subscribe to the updates of LeaderSSL to stay up to date with events from the world of online security and SSL.  


DigiCert closed a deal with Symantec to acquire an SSL business

On 31 October, DigiCert announced that the acquisition of Symantec's assets – PKI infrastructure and site security tools – had been closed for $950 million. The announcement of the deal appeared in the media on 3 August. DigiCert acquired the Symantec SSL business after the company was penalised by Google and other major browser vendors. As a result of the transaction, Symantec will take a 30% stake in DigiCert's share capital.

As noted by the CEO of DigiCert, John Merrill, some of the platforms used by Symantec were outdated, while the DigiCert infrastructure is more innovative and modern.

Features of the deal between Symantec and DigiCert

Symantec initially acquired the SSL/TLS certification business from VeriSign for $1.28 billion in 2010. The company also acquired brands such as Thawte, GeoTrust and RapidSSL.

The main impetus for the acquisition of DigiCert was the fact that Google publicly announced the revocation of trust in Symantec certificates. According to John Merrill, Google representatives approved the transfer of the release of SSL/TLS-certificates to the infrastructure of DigiCert.

Also John told that DigiCert hired a united support team for all Symantec SSL/TLS clients. Part of the plan is to keep existing customers, offering them the best service.

The acquisition of Symantec's SSL business is not the first deal made by DigiCert. In June 2015, the company acquired CyberTrust Enterprise SSL from Verizon Enterprise Solutions. John noted that they have developed solutions that helped with the integration of Symantec into the infrastructure of DigiCert.

As mentioned earlier, DigiCert will continue to operate from its headquarters in Lehi (Utah). The company plans to hire more than 1,000 specialists in additional offices in California, as well as in other countries around the world. As John Merrill noted, adding Symantec security solutions to sites will enable the company to expand its global reach.

Our specialists will do everything possible to make the transition to the new infrastructure as easy as possible, quickly and imperceptibly for customers. Also, various Symantec certificates are always available to buy in our store at favorable prices. 


Francisco Partners acquired the Comodo line from SSL

The business for the issuing Comodo certificates was acquired by Francisco Partners. News about it appeared on the same day as the announcement a deal closure between Symantec and DigiCert.

Melih Abdulhayoglu, founder and director of Comodo, noted that he only reduced his share in the business, and did not sell the entire business. It will allow the company to concentrate on other solutions in the field of cybersecurity.

Francisco Partners appointed Bill Holtz as CEO of Comodo CA. Previously, Bill worked as chief operating officer at Entrust. According to him, the main task for Comodo will be the expansion of the SSL certificate market. Despite the fact that Comodo already occupies a leading position in this market, the company’s brand is not so well recognised across the world. The company has managed to avoid the problems that have troubled its competitors. A serious breach related to the two resellers occurred only once in 2011, and since then the company has changed its business model to protect itself from such incidents.

Another appointment to the company’s managing board is Bill Connor, president and CEO of SonicWALL. SonicWALL is also owned by Francisco Partners. Naturally, SonicWALL has already announced that in the upcoming release wide support for Comodo certificates will be introduced. According to Bill Conner, Comodo CA's business may be rebranded in the future.

The certifying authority Comodo has issued more than 91 million certificates and has over 200,000 customers worldwide. The founder of Comodo Melih Abdulkhayoglu remains as a minority owner and observer on the board of directors.

LeaderSSL is an official partner of Comodo, so Comodo certificates are always available to buy in our store at favourable prices.


New TLS interception warnings added in Chrome 63

Beginning from Chrome 63 release, the browser will notify users about the TLS interception occurrence, which frequently takes place during MitM (Man-in-the-middle) attacks. The release of the Chrome 63 version is scheduled for December 5, 2017.

As we mentioned earlier, Google, Mozilla, Microsoft and other major browser developers are actively promoting HTTPS. Websites that decided to switch over to the HTTPS receive some advantages such as better ranking in search results, as well as a higher level of trust from visitors.

When TLS can be intercepted?

One of the common reasons for intercepting TLS is man-in-the-middle attack. In this case, the attacker acts as intermediary in the interaction between the server and the user. All transmitted data goes through the attacker, and during that stage, he can intercept, examine and easily manipulate received information in any desirable way.

Quite frequently, the user is not even aware that he was a victim of MitM-attack and all of his data is now passing through the "filter" of the attacker. Google's decision to add notifications of TLS interception will allow site administrators to act in a timely manner in order to fix existing security problems and proactively respond to potential security threats.

TLS can also be intercepted using MitM approach for a good reason. In this case, traffic interception performed for analyzing it for the presence of malicious requests and viruses. This practice is ambiguous and may not be appreciated; therefore, it is best to avoid it. In this case, Chrome will not display any warnings.

How to enable TLS interception warnings in Canary, dev versions of Chrome

You can enable TLS interception warnings right now, if you use the dev version of Chrome named Canary. This is done as follows:

  1. In the browser, select Properties.
  2. In the Target field, enter the following: "-enable-features = MITMSoftwareInterstitial".
  3. Save the changes.

Make sure you’ve subscribed to our newsletter in order to stay aware of all the latest news from the world of SSL and cybersecurity! Buy trusted SSL certificates from a credible store - LeaderSSL, to ensure you will not face any issues with your web sites.

Start a 14-day Free Trial

Try SSL certificate with a 14-day free trial and feel our great service It’s very easy to start - you don’t risk anything. If you will not like it, just dont pay after end of trial. No credit card required.

Are you ready to try?

Have any questions? Call us now +31 20 7640722

Leave your contact details to get the FAQ by email

A link to download the PDF version of the FAQ has been successfully sent to your email

Error sending mail. Please try again later.

*fields are required