In association with heise online

04 July 2008, 12:41

heise SSL Guardian

Protection against unsafe SSL certificates

Https connections are often used to transfer important data, such as passwords, PINs, or credit card numbers. The browser ensures that the sender can be identified with a valid certificate and that the transferred data are encrypted. An error in the Debian Linux distribution has generated numerous certificates that are child's play to crack. Many servers still use these weak certificates, even though it is impossible to establish a secure connection using them. The heise SSL Guardian checks the SSL certificates and warns you when it detects a weak one.

SSL Guardian warning

Usually, you should not allow the connection to be established in such a case. If you click on "No", the connection will immediately be interrupted and the data that the user has already sent will not be transferred via the internet. If you allow the connection to be established by clicking on "Yes", you should assume that everything can be read by a third party. If you report the certificate, it will be sent to the heise server. Neither the URL used, nor any other data will be transferred; the heise SSL Guardian does not even see them.

Supported platforms

Operating systems: Windows 2000, XP, Vista.

All Windows applications that use Windows CryptoAPI will be protected by SSL Guardian. This includes Internet Explorer and Outlook Express, as well as Windows Mail. However, SSL Guardian does not protect Firefox and Opera as these use their own crypto libraries and not CryptoAPI. In order to protect Firefox, the Firefox SSL Blacklist extension is needed, as this has a similar function.


There are two versions, one complete and one without the black list for those who wish to upgrade from version 1 and don't need to download the list again.

Archive approx. Size md5sum
heise SSL Guardian 1.1 13 MB md5sum
heise SSL Guardian 1.1 without list 362 KB md5sum
the source code 41 KB md5sum

Also available here are the lists of weak keys for separate download. You can combine these with the 'no list' version above. Only one of the lists is required, the short list covers about 98 per cent of the vulnerable certificates.

Archive approx. Size md5sum
SSL Black list – Long 12.7 MB md5sum
SSL Black list – Short 4.2 MB md5sum


To perform the installation, download the software package under the link below, unpack it on your system and start the "setup.exe" file. It is best to use the recommended standard settings. Another window allows you to uninstall the program. To see if the heise SSL Guardian works, try it out at this site. If you don't get a warning when you open this page in Internet Explorer, something's gone wrong.

Additional information

Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit