Blog

Welcome to the Hardenize blog. This is where we will document our journey as we make the Internet a more secure place and have some fun and excitement along the way.

MTA-STS (the full name SMTP Mail Transfer Agent Strict Transport Security) is a new standard that aims to improve the security of SMTP by enabling domain names to opt into strict transport layer security mode that requires authentication (valid public certificates) and encryption (TLS). In this blog post we discuss why MTA-STS exists and how it's used, as well as announce full support for its most recent draft in Hardenize.   READ MORE »

We've just delivered our second batch of features intended to provide full support for the Certificate Transparency (CT) ecosystem. Chief among them is support for the Expect-CT HTTP response header, which sites can use to enable CT compliance enforcement and reporting. Additionally, we've also added a series of user interface and functionality improvements to test for edge cases and detect non-CT-compliant deployments.   READ MORE »

22 May
2018

How We Test SMTP

by Ivan Ristić

When we set out to build Hardenize, one of our goals was to provide an almost-interactive experience, one where you don't have to wait for a long time to get useful results back. We thus spent a lot of time making Hardenize fast. Unfortunately, even though our tests are lightweight and going fast works for HTTP, the approach breaks completely in the SMTP land, where we were often being blocked. To fix that, we went back to the drawing board and completely redesigned how we test SMTP.   READ MORE »

After April 30th, Chrome will start rejecting all new certificates that don’t have sufficient proof of being logged to Certificate Transparency (CT) servers. To help with the transition, we’ve released a series of improvements to our tools to verify and monitor CT compliance.   READ MORE »

20 Mar
2018

Certificate Expiration Monitoring

by Ivan Ristić

As of today, Hardenize officially supports daily notifications that alert you about certificates that are about to expire. Once a day we take a look at your properties and make a list of all certificates that haven't been renewed. We include both your certificates as well as those that you rely on (e.g., third-party web sites, outsourced email servers, and so on). We then check every known network location once again to remove any certificates that have been renewed at the last minute. After that, if we're left with any certificates on our list, we send you an email with a summary of all your affected properties and the corresponding network locations.   READ MORE »

13 Mar
2018

Certificate Transparency Notifications

by Ivan Ristić

If you're like me, you want to know about new certificates that are issued for your domain names. In fact, that's the whole point of Certificate Transparency (CT), to be able to keep an eye on what Certification Authorities are doing in your name. Hardenize has supported real-time CT monitoring for several months already, but now we've added one simple yet very useful feature—email notifications for CT discoveries.   READ MORE »

27 Feb
2018

Certificate Transparency Database

by Ivan Ristić

For our next key feature, we're happy to announce a database of all public certificates recorded to Certificate Transparency logs. It's another step we're making toward building the best certificate inventory and CT monitoring tool ever. With the database seamlessly integrated with our product, our customers can now start with only a handful of domain names and have all their certificates in their accounts within seconds. This new database complements our existing real-time CT monitoring features.   READ MORE »

23 Jan
2018

Multiple Dashboards, Teams and Groups

by Ivan Ristić

Last month, in December, we decided to take advantage of a quieter month to make some bigger changes to our database and build a foundation for a number of new features. Today we're releasing new functionality that adds teams, groups, multiple dashboards, and asset management, all designed to make it easier to manage the information available in Hardenize accounts.   READ MORE »

29 Nov
2017

Certificate Transparency Monitoring

by Ivan Ristić

At Hardenize, we're continuing to add new features on our path to the first commercial release. In an earlier blog post we talked about our certificate monitoring capabilities, which are based on network infrastructure scanning. Today, we're taking the next step with the introduction of Certificate Transparency (CT) monitoring. This new feature is enabled for all our early customers.   READ MORE »

1 Nov
2017

Hardenize Security Badge

by Ivan Ristić

Today we’re announcing a fun little project, our own security badge you can place on your web site to highlight your good security posture. I say fun, because working this project gave us an excuse to design an awesome-looking badge, but our motivation is really to help raise awareness of the importance of good security and make transparency the norm.   READ MORE »

We are delighted to announce Hardenize Certificate Inventory and Monitoring, a significant new feature that we’ve just released. It’s enabled now for all our early customers. Certificate renewal has long been a pain point for organizations of all sizes. It’s rare to find someone who hasn’t had one of their certificates expire before they are replaced. With Hardenize we wish to ensure that never happens to you again. Equally important, we also wish to help you navigate the complex world of PKI.   READ MORE »

15 Aug
2017

Monitoring of Symantec certificates

by Ivan Ristić

Google and Mozilla are planning to deprecate all existing Symantec certificates, cutting short their lifetime. This causes a significant operational problem for many organizations who will need to identify all affected certificates and then replace them before they are made invalid. To assist with this process, in Hardenize we’ve added detection of Symantec certificates (all brands) and we now present effective expiration dates.   READ MORE »

29 Jun
2017

Introducing Hardenize dashboards

by Ivan Ristić

Today we’re introducing a great new Hardenize feature—public dashboards. They are a great way to apply Hardenize’s complete assessment capabilities to a group of hosts and get a good understanding (quickly!) of what their security is like. We provide a summary page that shows the most important data points, but we also include the complete results for each of the participating sites individually.   READ MORE »