heise SSL Guardian
Protection against unsafe SSL certificates
Https connections are often used to transfer important data, such as passwords, PINs, or credit card numbers. The browser ensures that the sender can be identified with a valid certificate and that the transferred data are encrypted. An error in the Debian Linux distribution has generated numerous certificates that are child's play to crack. Many servers still use these weak certificates, even though it is impossible to establish a secure connection using them. The heise SSL Guardian checks the SSL certificates and warns you when it detects a weak one.
Usually, you should not allow the connection to be established in such a case. If you click on "No", the connection will immediately be interrupted and the data that the user has already sent will not be transferred via the internet. If you allow the connection to be established by clicking on "Yes", you should assume that everything can be read by a third party. If you report the certificate, it will be sent to the heise server. Neither the URL used, nor any other data will be transferred; the heise SSL Guardian does not even see them.
Supported platforms
Operating systems: Windows 2000, XP, Vista.
All Windows applications that use Windows CryptoAPI will be protected by SSL Guardian. This includes Internet Explorer and Outlook Express, as well as Windows Mail. However, SSL Guardian does not protect Firefox and Opera as these use their own crypto libraries and not CryptoAPI. In order to protect Firefox, the Firefox SSL Blacklist extension is needed, as this has a similar function.
Download
There are two versions with different sized lists. The first is for users that have adequate bandwidth and time. The second is a third as large, but still detects more than 98% of the weak certificates.
| Archive | approx. Size | md5sum |
| heise SSL Guardian | 13 MB | 5beab82c954d55e8b845c1d133420987 |
| small heise SSL Guardian | 4,5 MB | 2f38434ff50befa2c7d8059b0f1f1a50 |
| the source code | 45 KB | d41d8cd98f00b204e9800998ecf8427e |
Installation
To perform the installation, download the software package under the link below, unpack it on your system and start the "setup.exe" file. It is best to use the recommended standard settings. Another window allows you to uninstall the program. To see if the heise SSL Guardian works, try it out at this site. If you don't get a warning when you open this page in Internet Explorer, something's gone wrong.
Additional information
- Frequently Asked Questions – and of course, some answers.
- Forum to discuss problems and enhancements.
- Test SSL certificates at heise networks UK.
- Bookmark & Share
