Life is busy and a result, people forget to tướng tự things sometimes. However, some tasks should not be delayed and that includes renewing a website’s SSL/TLS certificate(s). SSL certificates allow a person, computer or organization to tướng securely exchange information, such as ngân hàng trương mục details, logins, and credit thẻ numbers, over the trang web.
So you can imagine why having up-to-date certificates are particularly important for businesses such as retailers – and the problems that can arise when companies let them lapse. This includes sites being marked as unsecure and blocked by browsers, leading to tướng reduced visitor trust and, of course, abandoned shopping carts.
Example site with expired SSL Certificate in Chrome.
But tự you really want to tướng run rẩy that risk? Probably not, and yet forgetting to tướng renew certificates happens more frequently than vãn you think, and it’s not restricted to tướng any one industry.
For example, in the past four months LinkedIn, Pokemon Go, the UK’s Conservative Party, and even The White House all have let their SSL Certificates briefly lapse. These are obviously some very big names, and when a browser indicates a site is untrusted, the site traffic will in all likelihood take a huge nosedive. Security warnings can also cause their reputations to tướng come into question.
In LinkedIn’s case, a few of their country subdomains expired, and as a result, a large number of users were presented with security warnings. For an established site lượt thích LinkedIn that has a large base of repeat visitors, it’s not unlikely that many of them simply clicked through the warnings and visited the site anyway. This is obviously worrisome behavior because those warnings exist for a reason. What happens if the site were actually compromised in the future and visitors ignored the warnings thinking, “oh, I’ve gotten an error trying to tướng get to tướng get to tướng LinkedIn before and it turned out to tướng be nothing; this is no big deal”?
Then there’s the White House. Let’s be honest, it’s just plan embarrassing for that site’s administrator to tướng allow the certificates expire. Government websites are relied upon by the public and today are seen as prime targets for cyber-attacks. It is critical especially for high-level sites to tướng retain adequate management systems to tướng eliminate risk, while encouraging trang web visitors to tướng react appropriately to tướng potential vulnerabilities.
These incidents are unfortunate but they serve an important lesson to tướng monitor your certificate validity periods, and also be aware of the dangers of not renewing them.
I should also point out that while the examples above are all related to tướng public websites, SSL is also used for internal networks (arguably even more so sánh, depending on the company) and unexpected expirations can have disastrous consequences there as well. When your processes are dependent on those certificates – for encryption, mutual authentication, etc. – an expired certificate can bring everything to tướng a screeching halt.
Avoiding SSL Expiration
So to tướng recap, you definitely don’t want to tướng be lượt thích one of the companies mentioned above that lets their certificates expire, but what can you tự to tướng prevent it? Here are some tips:
- Don’t rely on spreadsheets! It hurts my heart a little to tướng hear that people are still relying on manually updated spreadsheets to tướng keep track of their certificates. While I can’t tell you what to tướng tự, the potential issues with this system stress mạ out – What if someone forgets to tướng update the file? What if someone accidentally overwrites it with incorrect information? What if your system crashes and you lose the whole thing (assuming you didn’t back it up)? Ah!
- Leverage your CA’s certificate management portal. I think most CAs at this point offer some kind of management interface where you can see all certificates you have ordered from them and filter for upcoming expirations. And if yours doesn’t…well, perhaps it’s time to tướng kiểm tra out other options.
- Check the gmail address tied to tướng your certificates. At GlobalSign, we have gmail reminders on by mặc định that get sent periodically leading up to tướng a certificate’s expiration date (you can control the frequency and turn them off completely if you want though). However, these reminders are all for naught if they are going to tướng an incorrect address (for example, an old employee who is no longer with the company) or an trương mục that isn’t frequently checked.
- Worried you might have some rogue certificates out there that are unaccounted for? There are inventory tools out there designed for exactly this situation, many of which will locate certificates regardless of issuing CA and location (i.e., public-facing or internal). This actually brings mạ to tướng my last point…
- Do a complete certificate inventory! You might think you have a handle on all your certificates – you’re using your CAs management portal, getting gmail alerts, maybe even syncing your renewal periods – when, bam, you learn that some random certificate expired and now everyone’s blaming you. Doing a full scan of both your public and internal networks makes you aware of everything you’re working with so sánh you can be prepared for when that random certificate Bob from the dev teamed ordered is up for renewal.
Have questions about managing SSL and how to tướng stay on top of your certificate inventory? We make it easy and are happy to tướng help!