heise SSL Guardian
Protection against unsafe SSL certificates
Https connections are often used to transfer important data, such as passwords, PINs, or credit card numbers. The browser ensures that the sender can be identified with a valid certificate and that the transferred data are encrypted. An error in the Debian Linux distribution has generated numerous certificates that are child's play to crack. Many servers still use these weak certificates, even though it is impossible to establish a secure connection using them. The heise SSL Guardian checks the SSL certificates and warns you when it detects a weak one.
Usually, you should not allow the connection to be established in such a case. If you click on "No", the connection will immediately be interrupted and the data that the user has already sent will not be transferred via the internet. If you allow the connection to be established by clicking on "Yes", you should assume that everything can be read by a third party. If you report the certificate, it will be sent to the heise server. Neither the URL used, nor any other data will be transferred; the heise SSL Guardian does not even see them.
Operating systems: Windows 2000, XP, Vista.
All Windows applications that use Windows CryptoAPI will be protected by SSL Guardian. This includes Internet Explorer and Outlook Express, as well as Windows Mail. However, SSL Guardian does not protect Firefox and Opera as these use their own crypto libraries and not CryptoAPI. In order to protect Firefox, the Firefox SSL Blacklist extension is needed, as this has a similar function.
There are two versions, one complete and one without the black list for those who wish to upgrade from version 1 and don't need to download the list again.
Also available here are the lists of weak keys for separate download. You can combine these with the 'no list' version above. Only one of the lists is required, the short list covers about 98 per cent of the vulnerable certificates.
To perform the installation, download the software package under the link below, unpack it on your system and start the "setup.exe" file. It is best to use the recommended standard settings. Another window allows you to uninstall the program. To see if the heise SSL Guardian works, try it out at this site. If you don't get a warning when you open this page in Internet Explorer, something's gone wrong.
- Frequently Asked Questions – and of course, some answers.
- Forum to discuss problems and enhancements.
- Test SSL certificates at heise networks UK.