GlobalSign

Last updated
GlobalSign
Company type Private company
Industry Computer security, Internet security, public-key credential issuance
Founded Belgium (1996;28 years ago (1996))
Headquarters
City of Brussels   OOjs UI icon edit-ltr-progressive.svg
,
Belgium  OOjs UI icon edit-ltr-progressive.svg
Number of locations
13 regional offices (2021)
Area served
Worldwide
Products
  • TLS certificates, two-factor authentication solutions, managed PKI solutions
Parent GMO Internet
Website www.globalsign.com

GlobalSign is a certificate authority and a provider of internet identity and security products. [1] As of January 2015, Globalsign was the 4th largest certificate authority in the world, according to Netcraft. [2]

Contents

History

GlobalSign was founded in Belgium in 1996 and acquired in 2007 by GMO group in Japan (formerly GeoTrust Japan). [3]

In September 2011, as a precaution, GlobalSign suspended issuing authentication certificates temporarily after an anonymous hacker going by the name "ComodoHacker" claimed to have compromised their servers, as well as those of other certificate authorities. [4] The company took the claim seriously enough to halt the signing/issuing of new certificates while investigating the claims; it resumed issuing certificates a week later. [5] Dutch security company Fox-IT was contracted to analyze the breach and GlobalSign released a security incident report. [6] On December 13, 2011 GlobalSign released its final report on the incident.

The report concluded that while GlobalSign's own web server was breached and the certificate of this server was stolen, due to the air gap separating this web server from the certificate-issuing machine (the one holding the company's root certificate), there was no evidence of any rogue certificates issued or any customer data exposed, thus the remedial actions were limited to cancelling their own web server's certificate and patching its software. [5] [6] Sophos's Chester Wisniewski summarized the report and GlobalSign's response to the incident on his blog and concluded "Not only is the report thorough and convincing, but it appears that GlobalSign took every action, exactly as they should have, both during and after the incident." [7]

As of January 2015, Globalsign was the 4th largest certificate authority in the world according to the Netcraft survey. [2] GlobalSign was the first CA to improve revocation checking for HTTPS pages through the use of a CDN, [8] and the company was also the first to offer IPv6 compliant revocation services ("CRL"). [9]

In 2018, GlobalSign became a Qualified Trust Service Provider (QTSP) under the eIDAS regulation in both the European Union and the United Kingdom. [10] In 2021, after the UK left the EU, GlobalSign was approved as the UK's first QTSP. [11]

Services

GlobalSign's services include managed PKI platform, S/MIME certification, TLS certificates, and a cloud-based certificate manager that integrates with Microsoft's AD and user account certifications. [12]

The company also provides certificates to authenticate IoT to address authentication needs in the Internet of Everything (IoE) market and to identity management as a cloud-based service. [13] Its PKI services can scale based on the velocity, variety, and volume of IOT platforms, and can manage the identities of millions of devices. [14]

In November 2012, GlobalSign launched an online service that allows website administrators to confirm that they have correctly configured TLS across their websites and receive actionable guidance on how to remediate any faulty or exploitable TLS configurations. [15]

The company has offices in the US, Europe and throughout Asia.

In 2012, GlobalSign released its free SSL Configuration Checker. [16] [17] This tool lets websites check the effectiveness of their TLS configuration and provides remediation steps for websites that want to improve. [16] [18]

In 2013, the company introduced its Auto Enrollment Gateway solution (AEG). [19] Using AEG, companies can automate PKI management, certificate provisioning and deployment. [19] The platform integrates with Windows Active Directory. [19]

In 2018, GlobalSign released its IoT Identity Platform. [20] It uses PKI as its identity mechanism and is used in industries including manufacturing, agriculture, smart grid, payments, IoT gateways, and healthcare. [20] One of the features of the platform is IoT Edge Enroll, which companies use to provision and manage the PKI-based identities. [20] Edge Enroll provides device Registration Authority (RA), certificate lifecycle management and other support services. [21] The platform also includes IoT CA Direct and IoT CA Connect. [21]

In May 2022, the latest version of the company's AEG platform was released. [22] It automatically configures S/MIME certificates in Outlook for Windows using GlobalSign's cross-platform agent, XPA. [22] XPA sets policies, and automatically enrolls, provisions, and installs certificates. [22]

Acquisition

In 2014 GlobalSign acquired Helsinki-based Ubisecure Solutions, Inc., a privately held identity and access management (IAM) software developer. [23] Ubisecure was spun out of GlobalSign in 2016. [24] [25]

Industry Affiliations

See also

Sources and references

  1. "GlobalSign and Infineon Join Forces to Strengthen IoT Trustworthiness". www.iiotnewshub.com. Retrieved 2022-09-22.
  2. 1 2 "SSL Survey". Netcraft. Archived from the original on 2020-10-30. Retrieved 2020-07-15.
  3. "Outlook Series | GlobalSign To Compete With VeriSign". outlookseries.com. Archived from the original on 2022-10-06. Retrieved 2022-10-06.
  4. BBC News - GlobalSign stops secure certificates after hack claim Archived 2023-07-13 at the Wayback Machine . Bbc.co.uk (2011-09-07). Retrieved on 2013-07-26.
  5. 1 2 Whittaker, Zack. "Unpatched server led to GlobalSign breach". ZDNet. Archived from the original on 2023-06-26. Retrieved 2020-09-09.
  6. 1 2 Steve Waite (2011-12-13). "Security Incident Report" (PDF). Archived from the original (PDF) on 2019-03-23.
  7. Chester Wisniewski (2011-12-15). "Google and EFF propose improvements to HTTPS as GlobalSign releases CA breach report". Archived from the original on 2023-06-04. Retrieved 2012-08-14.
  8. "CloudFlare Partners With GlobalSign To Make Loading Secure Web Pages Up To 6 Times Faster. TechCrunch (2012-11-01). Retrieved on 2013-07-26". Archived from the original on 2023-06-06. Retrieved 2017-06-25.
  9. GlobalSign First CA to Offer Certificate Revocation Status Services over IPv6 Archived 2017-05-20 at the Wayback Machine . Thewhir.com (2013-03-13). Retrieved on 2013-07-26.
  10. "GlobalSign achieves Qualified Trust Service Provider Recognition in Europe". Oct 22, 2018. Archived from the original on October 1, 2022. Retrieved October 1, 2022.
  11. "UK: ICO approves first UK eIDAS qualified trust service provider". July 28, 2021.
  12. Strom, David (2022-05-19). "How to choose a certificate management tool". CSO Online. Archived from the original on 2022-11-07. Retrieved 2022-11-07.
  13. "How to deal with IoT challenges through abstraction". 7 April 2016. Archived from the original on 7 November 2022. Retrieved 7 November 2022.
  14. Strom, David (2022-05-19). "How to choose a certificate management tool". CSO Online. Archived from the original on 2022-12-02. Retrieved 2023-01-05.
  15. "GlobalSign SSL Configuration Checker Provides Guidance to Reduce Cybercriminals' Ability to Exploit Faulty SSL Configurations". 2012-11-15. Archived from the original on 2023-03-14. Retrieved 2017-01-15.
  16. 1 2 Kovacs, Eduard (2013-05-31). "50% of Sites Using GlobalSign SSL Configuration Checker Improved Security in 30 Minutes or Less". softpedia. Archived from the original on 2022-11-14. Retrieved 2022-11-14.
  17. admin (2013-05-30). "GlobalSign Releases Findings of GlobalSign SSL Configuration Checker Evaluation for Q1 of 2013". Web Hosting | Cloud Computing | Datacenter | Domain News. Archived from the original on 2022-11-14. Retrieved 2022-11-14.
  18. admin (2013-05-30). "GlobalSign Releases Findings of GlobalSign SSL Configuration Checker Evaluation for Q1 of 2013". Web Hosting | Cloud Computing | Datacenter | Domain News. Archived from the original on 2022-11-14. Retrieved 2022-11-14.
  19. 1 2 3 Kovacs, Eduard (2013-08-22). "GlobalSign Automates Management of Digital Certificates with Auto Enrollment Gateway". softpedia. Archived from the original on 2022-11-23. Retrieved 2022-11-23.
  20. 1 2 3 News, Industry (2018-06-26). "GlobalSign launches IoT Identity Platform addressing IoT device security requirements". Help Net Security. Archived from the original on 2022-11-30. Retrieved 2022-11-30.{{cite web}}: |last= has generic name (help)
  21. 1 2 News, Industry (2018-06-26). "GlobalSign launches IoT Identity Platform addressing IoT device security requirements". Help Net Security. Archived from the original on 2022-11-30. Retrieved 2022-12-02.{{cite web}}: |last= has generic name (help)
  22. 1 2 3 "GlobalSign Ready S/MIME feature enables users to secure email certificates". Help Net Security. May 11, 2022. Archived from the original on December 21, 2022. Retrieved December 21, 2022.
  23. greg (2014-09-30). "Finland's Ubisecure acquired by GMO Globalsign for IoT Identity - ArcticStartup". Archived from the original on 2022-10-25. Retrieved 2022-11-14.
  24. "GlobalSign IAM is now Ubisecure Inc". November 30, 2016. Archived from the original on March 14, 2023. Retrieved June 18, 2020.
  25. greg (2014-09-30). "Finland's Ubisecure acquired by GMO Globalsign for IoT Identity - ArcticStartup". Archived from the original on 2022-10-25. Retrieved 2022-10-25.
  26. "Members". CAB Forum. Archived from the original on 2015-01-24. Retrieved 2022-12-15.
  27. 1 2 "GlobalSign joins the Certificate Authority Security Council to upgrade internet security". thepaypers.com. Archived from the original on 2022-12-15. Retrieved 2022-12-15.
  28. Murphy, Ian (2019-02-27). "GlobalSign joins Microsoft ISA for mobile security". Enterprise Times. Retrieved 2022-12-15.
  29. 1 2 Jacob, Marc (2022-12-15). "GlobalSign rejoint le Cloud Signature Consortium et devient membre du programme de partenaires en signatures cloud Adobe". Global Security Mag Online (in French). Retrieved 2022-12-15.

Related Research Articles

<span class="mw-page-title-main">HTTPS</span> Extension of the HTTP communications protocol to support TLS encryption

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

<span class="mw-page-title-main">Public-key cryptography</span> Cryptographic system with public and private keys

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.https://alweamtransport.com/

<span class="mw-page-title-main">Public key infrastructure</span> System that can issue, distribute and verify digital certificates

A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

<span class="mw-page-title-main">Internet Information Services</span> Extensible web server software by Microsoft

Microsoft IIS is an extensible web server created by Microsoft for use with the Windows NT family. IIS supports HTTP, HTTP/2, HTTP/3, HTTPS, FTP, FTPS, SMTP and NNTP. It has been an integral part of the Windows NT family since Windows NT 4.0, though it may be absent from some editions, and is not active by default. A dedicated suite of software called SEO Toolkit is included in the latest version of the manager. This suite has several tools for SEO optimization with features for metatag / web coding optimization, sitemaps / robots.txt configuration, website analysis, crawler setting, SSL server-side configuration and more.

In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes the public key and information about it, information about the identity of its owner, and the digital signature of an entity that has verified the certificate's contents. If the device examining the certificate trusts the issuer and finds the signature to be a valid signature of that issuer, then it can use the included public key to communicate securely with the certificate's subject. In email encryption, code signing, and e-signature systems, a certificate's subject is typically a person or organization. However, in Transport Layer Security (TLS) a certificate's subject is typically a computer or other device, though TLS certificates may identify organizations or individuals in addition to their core role in identifying devices. TLS, sometimes called by its older name Secure Sockets Layer (SSL), is notable for being a part of HTTPS, a protocol for securely browsing the web.

In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for browsing the web. They are also used in offline applications, like electronic signatures.

<span class="mw-page-title-main">Web of trust</span> Mechanism for authenticating cryptographic keys

In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority. As with computer networks, there are many independent webs of trust, and any user can be a part of, and a link between, multiple webs.

In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. The format of these certificates is specified by the X.509 or EMV standard.

<span class="mw-page-title-main">Network Security Services</span> Collection of cryptographic computer libraries

Network Security Services (NSS) is a collection of cryptographic computer libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME. NSS releases prior to version 3.14 are tri-licensed under the Mozilla Public License 1.1, the GNU General Public License, and the GNU Lesser General Public License. Since release 3.14, NSS releases are licensed under GPL-compatible Mozilla Public License 2.0.

GeoTrust is a digital certificate provider. The GeoTrust brand was bought by Symantec from Verisign in 2010, but agreed to sell the certificate business in August 2017 to private equity and growth capital firm Thoma Bravo LLC. GeoTrust was the first certificate authority to use the domain-validated certificate method which accounts for 70 percent of all SSL certificates on the Internet. By 2006, GeoTrust was the 2nd largest certificate authority in the world with 26.7 percent market share according to independent survey company Netcraft.


This is a comparison of notable free and open-source configuration management software, suitable for tasks like server configuration, orchestration and infrastructure as code typically performed by a system administrator.

<span class="mw-page-title-main">IdenTrust</span> Digital certificate authority

IdenTrust, part of HID Global and headquartered in Salt Lake City, Utah, is a public key certificate authority that provides digital certificates to financial institutions, healthcare providers, government agencies and enterprises. As a certificate authority (CA), IdenTrust provides public key infrastructure (PKI) and validation for digital certificates, including TLS/SSL certificates, email security via S/MIME certificates, digital signature certificates, code signing certificates and x.509 certificates for protecting network and IoT devices.

The Certificate Management Protocol (CMP) is an Internet protocol standardized by the IETF used for obtaining X.509 digital certificates in a public key infrastructure (PKI).

The Online Certificate Status Protocol (OCSP) stapling, formally known as the TLS Certificate Status Request extension, is a standard for checking the revocation status of X.509 digital certificates. It allows the presenter of a certificate to bear the resource cost involved in providing Online Certificate Status Protocol (OCSP) responses by appending ("stapling") a time-stamped OCSP response signed by the CA to the initial TLS handshake, eliminating the need for clients to contact the CA, with the aim of improving both security and performance.

<span class="mw-page-title-main">DigiCert</span> Internet security company

DigiCert, Inc. is a digital security company headquartered in Lehi, Utah. DigiCert provides public key infrastructure (PKI) and validation required for issuing digital certificates or TLS/SSL certificates, acting as a certificate authority (CA) and trusted third party.

The Certification Authority Browser Forum, also known as the CA/Browser Forum, is a voluntary consortium of certification authorities, vendors of Internet browser and secure email software, operating systems, and other PKI-enabled applications that promulgates industry guidelines governing the issuance and management of X.509 v.3 digital certificates that chain to a trust anchor embedded in such applications. Its guidelines cover certificates used for the SSL/TLS protocol and code signing, as well as system and network security of certificate authorities.

The Transport Layer Security (TLS) protocol provides the ability to secure communications across or inside networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

<span class="mw-page-title-main">Heartbleed</span> Security bug in OpenSSL

Heartbleed is a security bug in some outdated versions of the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed could be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS server or client. It resulted from improper input validation in the implementation of the TLS heartbeat extension. Thus, the bug's name derived from heartbeat. The vulnerability was classified as a buffer over-read, a situation where more data can be read than should be allowed.

A downgrade attack, also called a bidding-down attack, or version rollback attack, is a form of cryptographic attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation in favor of an older, lower-quality mode of operation that is typically provided for backward compatibility with older systems. An example of such a flaw was found in OpenSSL that allowed the attacker to negotiate the use of a lower version of TLS between the client and server. This is one of the most common types of downgrade attacks. Opportunistic encryption protocols such as STARTTLS are generally vulnerable to downgrade attacks, as they, by design, fall back to unencrypted communication. Websites which rely on redirects from unencrypted HTTP to encrypted HTTPS can also be vulnerable to downgrade attacks, as the initial redirect is not protected by encryption.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.