A: In general, we use certificates issued by the most reputable certification authorities available, e.g. Symantec (formerly VeriSign), for our e-commerce and code signing certificates. These should be recognized by the majority of browsers and operating systems. No action should be required in this case.
For internal operations, as well as for certain external (public) procedures and services which involve security and integrity rather than "reputation", we use our own public key infrastructure (PKI). Cloanto's PKI was designed and deployed so as to meet or exceed all relevant best practices, and includes an isolated and secured offline root certification authority (CA), and a redundant system of subordinate online issuing certificate authorities. This system is integrated with Microsoft's Active Directory, and, among other things, allows several servers to always have current certificates and authenticate the integrity of the services they provide.
Following the discovery of weaknesses in the SHA-1 cryptographic hash function, Cloanto followed the advice of the US NIST to migrate to SHA-2 (SHA-512). SHA-2 is supported on Windows Server 2003 SP2 (with the fix outlined in KB 968730), Windows XP SP3 and newer versions of Windows.
If your operating system or browser are not already set to recognize certificates issued by Cloanto, you can download and install the public portion of Cloanto's root certificate:
For verification purposes, the certification thumbprint is: