SSL Certificate

Alert ID: 
JMCIRT-AL-2019
Alert Date: 
Friday, May 17, 2019
Threat Level: 
High

 

SSL Certificate
Original release date: May 17, 2019
Jamaica CIRT has become aware that there are Government sites which do not have a SSL Certificate applied.
Overview

SSL (Secure Sockets Layer) certificates are small data files which allow for the encryption of data when being transferred from a web server to a browser. SSL certificates utilize a public and a private key, which work together to establish an encrypted connection. When installed on a web server, it activates the padlock and the https protocol which establishes that secure connection. SSL Certificates help to protect sensitive information such as user names, passwords and credit card information etc. It is urgent that SSL certificates be applied in order to:

  •  Ensure Authentication to confirm visitors are on the right website
  •  Ensure Data Integrity to make certain customer data cannot be corrupted or modified
  •  Encrypt sensitive information between servers to prevent interception
  •  Protect against hackers
  •  Increase Search Engine Rankings
  •  Prevent website blacklisting


Recommendations
• Ensure SSL certificate is from a trusted Certificate Authority
• Choose the correct trust level type of SSL certificate for your organizations needs
• Ensure SSL certificate covers all domains and pages
• Consider other website threats and vulnerabilities

This is an urgent call for all MDAs to implement SSL on all websites they manage whether there is personal data being collected or not. The JaCIRT is recommending that this be done by June 30, 2019.