Resultados 1 a 6 de 6
  1. #1
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    [EN] Symantec sells TLS cert business to DigiCert

    Juha Saarinen
    Aug 4 2017

    Symantec has sold its troubled digital credentials business to private equity-backed firm DigiCert for US$950 million in cash.

    The deal means Symantec website security and private key infrastructure subsidiaries such as Thawte, RapidSSL, Verisign and Geotrust - which have around 14 percent of the transport layer certificate issuance market - will be merged with DigiCert, a relative minnow with just 2.2 percent market share.

    Symantec will hold a 30 percent stake in the merged business. The deal has been unanimously approved by the security vendor's board, and is expected to be complete early next year.

    DigiCert has been backed by private equity fim Thomas Bravo since 2015. The US-based company will grow its staff to 1000 with the acquisition of Symantec's TLS business.

    Symantec has been involved in a long-running feud with Google and other providers over its sloppy TLS certificate issuance practices.

    The security vendor was accused of issuing thousands of fake certificates which could have been used to impersonate high-profile websites such as Google properties.

    It resulted in Symantec-issued certificates being distrusted in Google's Chrome from next year.

    Symantec chief executive Greg Clark made no reference to the spat with Google, but said the sale of the TLS business would sharpen the security vendor's focus on the enterprise and cloud.

    “We carefully examined our options to ensure our customers would have a world-class experience with a company that offers a modern website PKI platform and is poised to lead the next generation of website security innovation," he said in a statement.

    "I’m thrilled that our customers will benefit from a seamless transition to DigiCert, a company that is solely focused on delivering leading identity and encryption solutions. Symantec is deeply committed to the success of this transition for our customers."

  2. #2
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    How Symantec solved browser trust issue for its SSL certificates

    DigiCert hopes it can convince browser developers to continue trusting Symantec-issued SSL certificates

    Peter Sayer
    Aug 3, 2017

    Symantec has found a way to make a dispute with Google over the validity of its TLS and SSL certificates go away -- and get paid almost US$1 billion in the process.

    Browser developers including Google had raised questions about way Symantec issued SSL certificates, and have threatened to stop recognizing them, a move that could hurt Symantec's customers and worry visitors to the websites using the affected certificates.

    Now Symantec has sold its certificate authority (CA) business to DigiCert for US$950 million and a 30-percent stake in the smaller company, leaving DigiCert to pick up the pieces and implement plans to fix Symantec's issuance procedures.

    DigiCert addressed the issue of browser trust of Symantec certificates head-on in a short news release announcing the acquisition.

    "We feel confident that this agreement will satisfy the needs of the browser community," it said, adding that the company was communicating its intentions to browser developers and would continue to work with them as it closed the transaction.

    The most vocal of Symantec's critics has been Google. Over the last two years or so it has repeatedly criticized Symantec's procedures for issuing the certificates, which are intended to secure and authenticate communications between websites and browsers, among other applications.

    In March, Google accused Symantec of mis-issuing at least 30,000 such certificates, potentially allowing attackers to masquerade as legitimate websites.

    Of particular concern are so-called Extended Validation (EV) certificates, for which issuers are supposed to take additional actions to authenticate the identity of the entity requesting them. Their purpose is to give website visitors additional confidence that the site is legitimate. Browsers display authenticated identity -- a company name, for example -- in the address bar alongside the URL of the certified site, in place of the padlock icon that would indicate the site had a regular certificate.

    Faced with the prospect of recontacting millions of its customers to renew their certificates ahead of schedule, and revalidating the identity of EV certificate holders, Symantec chose to hand the problem to DigiCert.

    Compared to Symantec DigiCert is a tiny player, with a share of the SSL certificate issuance market of 2.2 percent compared to Symantec's 14 percent, according to W3Techs. Netcraft puts Symantec's share of the stricter organization validation certificates at 30 percent and of EV certificates at 40 percent.

    DigiCert is set to become much larger, though: Before the acquisition, DigiCert had around 225 staff in the U.S.; after, according to Symantec, DigiCert's workforce will balloon to over 1,000.

    Web browsers automatically trust certificates issued by Symantec and companies like it, but Google has begun steadily scaling back the level of trust in its Chrome browser for older certificates issued by Symantec, a process which will result in security warnings when Chrome users visit some websites.

    Over the next year Google plans to issue warnings for more and more of the certificates issued under what it considers insecure processes.

    SSL certificates issued are valid for a fixed period, unless revoked, and Google's initial plan, announced in March, was to begin by distrusting certificates with a validity of over 33 months in Chrome 59, the current version, ratcheting that down to just 9 months in Chrome 64, due early next year. This would have had the effect of requiring all certificates to be reissued after April 2017 in order to continue working with Chrome.

    Last week Google's Chrome team accepted a proposal from Symantec to reissue all certificates by Dec. 1, 2017, linking them to a new root certificate held by an independent Managed Partner Infrastructure. That proposal, however, makes no reference to a pending sale of Symantec's certificate business.

    Pressure on certificate authorities to clean up their act is coming from other directions too. Last year the Certificate Authority Security Council issued new requirements for certificate issuers to get their processes up to scratch.

    Although the most visible role of the certificates is in securing access to websites, they can also used to identity servers to embedded devices in the internet of things, to secure connections to cloud computing services, and to encrypt traffic from smartphone apps.

  3. #3
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    The deal includes the brands Thawte, GeoTrust and RapidSSL

    Seven years after acquiring the SSL/TLS certificate business from VeriSign, Symantec sells the business unit to DigiCert.

    Sean Michael Kerner
    August 03, 2017

    Symantec it is selling its website security and public key infrastructure (PKI) technologies to DigiCert for $950 million in cash and a 30 percent stake in DigiCert's common stock equity. The deal is set to close in the third quarter of fiscal year 2018.

    Symantec's website security and PKI business includes the Secure Sockets Layer/Transport Layer Security (SSL/TLS) security certificate business unit that Symantec originally acquired from VeriSign for $1.28 billion in 2010. The business unit also includes SSL/TLS certificates sold under the associated brands of Thawte, GeoTrust and RapidSSL.

    DigiCert itself was acquired by private equity firm Thoma Bravo and TA Associates in August 2015. Thoma Bravo is no stranger to Symantec either, having sold Blue Coat, which it had acquired in March 2015, to Symantec in June 2016 for $4.65 billion.

    "DigiCert is solely focused on providing leading SSL and PKI solutions," Symantec CEO Greg Clark said during his company's first-quarter 2018 earnings call.

    Symantec reported first-quarter fiscal 2018 revenue of $1.17 billion for a $33 percent year-over-year gain.

    "With this transaction, we believe DigiCert will have the resources needed to lead the next generation of global website security," Clark said. "We will receive a minority ownership stake in DigiCert at the closing of the transaction, allowing Symantec to continue to participate in the value created by this transaction and ensure a successful transition for the customers of our website security and related PKI solutions."

    For DigiCert, the acquisition of the Symantec SSL/TLS certificate business is the company's second in the last two years. In June 2015, DigiCert acquired the CyberTrust Enterprise SSL business from Verizon Enterprise Solutions. DigiCert includes IBM, Sony, Facebook VMware, Intel and Harvard University among its customer base.

    The sale of the SSL/TLS certificate business comes after months of dispute between Symantec and browser vendors including Google and Mozilla about certificate issuance practices. In March 2017, Google warned Symantec that it would distrust all Symantec SSL/TLS certificates if certain protective security measures for certificate issuance were not taken.

    During his company's earnings call, Clark said the DigiCert acquisition accelerates the transition to a new PKI platform at DigiCert that meets all industry standards and browser requirements.

    "During our discussion with the browsers, our goal has been to minimize the impact to our customers, and we believe this transaction achieves that goal and commitment," Clark said.

    John Merrill, CEO of DigiCert, is also confident that his company can meet the SSL/TLS requirements that the browser vendors wanted from Symantec.

    "Importantly, we feel confident that this agreement will satisfy the needs of the browser community," Merrill wrote in a blog post. "DigiCert is communicating this deal and its intentions to the browser community and will continue to work closely with them during the period leading up to our closing the transaction."

  4. #4
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    PR: DigiCert to Acquire Symantec’s Website Security and Related PKI Solutions

    MOUNTAIN VIEW, Calif. and LEHI, Utah – August 2, 2017 – Symantec Corp. (NASDAQ:SYMC), the world’s leading cyber security company, and DigiCert Inc., a leading provider of scalable identity and encryption solutions for the enterprise, today announced an agreement under which DigiCert will acquire Symantec’s Website Security and related PKI solutions. Under the terms of the agreement, Symantec will receive approximately $950 million in upfront cash proceeds and approximately a 30 percent stake in the common stock equity of the DigiCert business at the closing of the transaction.

    The addition of Symantec’s website security solutions to DigiCert’s offerings will bring together the industry's top talent and provide customers with an enhanced technology platform, unparalleled customer support and market-leading innovations. DigiCert will gain capabilities to take advantage of growth opportunities in IoT and bring new approaches to the SSL market. DigiCert will continue to operate from its headquarters in Lehi, Utah and will employ over 1,000 professionals.

    “Transitioning our Website Security and related PKI solutions to DigiCert allows us to sharpen our enterprise focus on delivering unparalleled protection for the cloud generation through Symantec's Integrated Cyber Defense Platform. As our recently announced deals with Fireglass and Skycure demonstrate, we are accelerating the pace of innovation we bring to market through a combination of acquisitions as well as development from the ground up,” said Symantec CEO Greg Clark.

    Clark added, “We carefully examined our options to ensure our customers would have a world-class experience with a company that offers a modern website PKI platform and is poised to lead the next generation of website security innovation. I’m thrilled that our customers will benefit from a seamless transition to DigiCert, a company that is solely focused on delivering leading identity and encryption solutions. Symantec is deeply committed to the success of this transition for our customers.”

    “We look forward to building a great security company and supporting all of Symantec’s and DigiCert’s customers well into the future. We have assembled the best team in the industry to help us deliver even better security solutions and service to our customers,” said DigiCert CEO John Merrill. “DigiCert is committed to providing the market with innovative products, the highest level of trust, and experienced leadership in the SSL and PKI community. We are excited about the opportunities ahead, and will work toward a smooth transition for customers and employees of Symantec’s Website Security business.”

    “We know the cyber security market well and have worked closely with DigiCert to achieve high growth and develop customer-friendly solutions,” said Robert Sayle, a Partner at Thoma Bravo, the private equity firm that has backed DigiCert since 2015. “With this transaction, DigiCert expands its incredible talent and experience to lead the next generation of global website security. We are excited to support this enhanced company as it serves its customers and pursues opportunities for innovation and growth.”

    DigiCert will continue to be led by CEO John Merrill and an executive team with significant industry experience. Given the shared commitment to customer service, existing Symantec Website Security customers will be able to transition to a new platform that meets all industry standards and browser requirements and provides the foundation for future innovation in the Certificate Authority space for the benefit of customers.

    The transaction, which has been unanimously approved by the Symantec Board of Directors, is expected to be completed in the third quarter of fiscal 2018, subject to the satisfaction of customary closing conditions.

    J.P. Morgan Securities LLC is serving as financial advisor, and Fenwick & West LLP is serving as legal counsel to Symantec. Financing for the transaction was provided by UBS Investment Bank, Credit Suisse, Jefferies Finance LLC and Goldman Sachs Bank USA. UBS Investment Bank, Credit Suisse and Jefferies LLC are serving as financial advisors, and Kirkland & Ellis LLP is serving as legal counsel to Thoma Bravo and DigiCert.

    About Symantec

    Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit or connect with us on Facebook, Twitter, and LinkedIn.

    About DigiCert

    DigiCert is a leading provider of scalable security solutions for a connected world. The most innovative companies, including the Global 2000, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports SSL/TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management platform, CertCentral®. The company has been recognized with dozens of awards for its enterprise-grade management platform, fast and knowledgeable customer support, and market-leading growth. For the latest DigiCert news and updates, visit or follow @digicert.

    About Thoma Bravo

    Thoma Bravo is a leading private equity firm focused on the software and technology-enabled services sectors. With a series of funds representing more than $17 billion in capital commitments, Thoma Bravo partners with a company’s management team to implement operating best practices, invest in growth initiatives and make accretive acquisitions intended to accelerate revenue and earnings, with the goal of increasing the value of the business. Representative past and present portfolio companies include industry leaders such as Blue Coat Systems, Deltek, Digital Insight, Global Healthcare Exchange, Hyland Software, PowerPlan, Qlik, Riverbed, SailPoint, SolarWinds, SonicWall, Sparta Systems and TravelClick. The firm has offices in San Francisco and Chicago.

  5. #5
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    ICYMI: Google punts StartCom from good guy certificate club

    "Google has determined that two certificate authorities, WoSign and StartCom, have not maintained the high standards expected of certificate authorities and will no longer be trusted by Google Chrome, in accordance with our Root Certificate Policy"

    Darren Pauli
    2 Nov 2016

    Mountain View's move follows public announcements by Mozilla and Apple that they would not trust the authorities' certificates after the pair the pair incorrectly issued base certificates and fudged date stamps in others to avoid SHA-1 security reforms.

    WoSign handed a base certificate for GitHub to Univeristy of Central Florida sysadmin Stephen Schrauger in August.

    Both it and StartCom were then found to have backdated 62 certificates to avoid pending bans of SHA-1 certificates slated to come into effect on all major browsers.

    Mozilla also flagged concerns with WoSign's quiet acquisition of Startcom which it claimed the company tried to hide.

    Google Chrome security engineer Andrew Whalley says of its ban decision that certificate authorities play a "key role" in web security and can cause harm if standards are abused.

    "Google has determined that two certificate authorities, WoSign and StartCom, have not maintained the high standards expected of certificate authorities and will no longer be trusted by Google Chrome, in accordance with our Root Certificate Policy," Whalley says.

    "Certificate authorities who issue certificates outside the policies required by browsers and industry bodies can put the security and privacy of every web user at risk."

    The changes will come into effect with the release of Chrome 56 in January 2017. All WoSign and StartCom certificates issued after October 21 this year will be untrusted.

    Those issued before that date will need to comply with Google's Certificate Transparency initiative that will help to demonstrate the trustworthiness of certificates and flush out malware and phishing sites.

    That initiative becomes mandatory for web admins in October next year. Those who do not comply will have their sites flagged as untrusted within Chrome.

  6. #6
    Louco pelo WHT Brasil
    Data de Ingresso
    Jan 2015
    O Let’s Encrypt vai pegar um pouco mais desse mercado e a partir de janeiro.

    Wildcard Certificates Coming January 2018
    Jul 6, 2017 • Josh Aas, ISRG Executive Director

    Let’s Encrypt will begin issuing wildcard certificates in January of 2018. Wildcard certificates are a commonly requested feature and we understand that there are some use cases where they make HTTPS deployment easier. Our hope is that offering wildcards will help to accelerate the Web’s progress towards 100% HTTPS.

    Let’s Encrypt is currently securing 47 million domains via our fully automated DV certificate issuance and management API. This has contributed heavily to the Web going from 40% to 58% encrypted page loads since Let’s Encrypt’s service became available in December 2015. If you’re excited about wildcard availability and our mission to get to a 100% encrypted Web, we ask that you contribute to our summer fundraising campaign.

    A wildcard certificate can secure any number of subdomains of a base domain (e.g. * This allows administrators to use a single certificate and key pair for a domain and all of its subdomains, which can make HTTPS deployment significantly easier.

    Wildcard certificates will be offered free of charge via our upcoming ACME v2 API endpoint. We will initially only support base domain validation via DNS for wildcard certificates, but may explore additional validation options over time. We encourage people to ask any questions they might have about wildcard certificate support on our community forums.

    We decided to announce this exciting development during our summer fundraising campaign because we are a nonprofit that exists thanks to the generous support of the community that uses our services. If you’d like to support a more secure and privacy-respecting Web, donate today!

    We’d like to thank our community and our sponsors for making everything we’ve done possible. If your company or organization is able to sponsor Let’s Encrypt please email us at

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens