DISCUSSION A: In general, we use certificates issued by the most
reputable certification authorities available, e.g. Sectigo
(formerly Comodo) and Digicert (formerly Symantec/VeriSign),
for our e-commerce and code signing certificates. These should
be recognized by the majority of browsers and operating
systems. No action should be required in this case.
For internal operations, as well as for certain external
(public) procedures and services which involve security and
integrity rather than "reputation", we use our own public key
infrastructure (PKI). Cloanto's PKI was designed and deployed so
as to meet or exceed all relevant best practices, and includes
an isolated and secured offline root certification authority
(CA), and a redundant system of subordinate online issuing
certificate authorities. This system is integrated with
Microsoft's Active Directory, and, among other things, allows
several servers to always have current certificates and
authenticate the integrity of the services they provide.
Following the discovery of weaknesses in
the SHA-1 cryptographic hash function,
Cloanto followed the advice of the US NIST
to migrate to SHA-2 (SHA-512). SHA-2 is
supported on Windows Server 2003 SP2 (with
the fix outlined in
KB 968730), Windows XP SP3 and newer
versions of Windows.
If your operating system or browser are not already set to
recognize certificates issued by Cloanto, you can download and
install the public portion of Cloanto's root certificate:
For verification purposes, the certification thumbprint is:
- A0932B2A0A756CADA853B041E1552B8F63476C97
Related Links
| 
