SSL expiration has been making headlines lately, with Netcraft recently reporting that over 200 certificates have expired in relation to the US government shutdown. With many people wondering “What’s the big deal?”, we wanted to examine why expiration is important and outline how it affects both website owners and website visitors.
On a theoretical basis, an expired certificate is a certificate which must not be used any longer. This is made explicit in the Internet X.509 Profile, in the certificate validation algorithm (section 6.1.3, item a.2).
Consequences:
Reduction in trust as the site becomes insecure
Decline in sales and revenue with increased shopping basket abandonments
Corporate brand and reputation adversely affected putting the business at risk
Warning error messages displayed by browsers when visiting the site
Personal information at risk from man-in-the-middle attacks
Individual susceptible to fraud and identity theft
“Until US Congress resumes services it is inevitable that we will see expired certificates and this example just goes to show how vulnerable organisations who are susceptible to shutdown can be,” said GlobalSign’s Managing Director, Paul Tourret. We predict that over 600 SSL Certificates currently securing a .gov domain due to expire in October will be potentially affected. To minimise the impact, current automated SSL Certificate lifecycle management tools can help in terms of best practice when managing SSL reliance during unforeseen outages.
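The validity-period check and the lifecycle monitoring described above can be sketched in a few lines. This is an added example, not GlobalSign's tooling or code from the original article: it classifies a certificate inventory at a given moment using only Python's standard library. The hostnames, dates, 30-day renewal window and status labels are constructed for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample inventory, shaped like the dict returned by
# ssl.SSLSocket.getpeercert(). Hostnames and dates are made up.
INVENTORY = {
    "data.example.org":   {"notBefore": "Mar  1 00:00:00 2013 GMT",
                           "notAfter":  "Mar  1 00:00:00 2014 GMT"},
    "portal.example.org": {"notBefore": "Oct  2 00:00:00 2012 GMT",
                           "notAfter":  "Oct  2 00:00:00 2013 GMT"},
    "new.example.org":    {"notBefore": "Nov  1 00:00:00 2013 GMT",
                           "notAfter":  "Nov  1 00:00:00 2014 GMT"},
    "forms.example.org":  {"notBefore": "Oct 25 00:00:00 2012 GMT",
                           "notAfter":  "Oct 25 00:00:00 2013 GMT"},
}

def _parse(ts):
    """Convert an OpenSSL-style timestamp to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(ts), timezone.utc)

def validity_status(cert, now, renew_window=timedelta(days=30)):
    """Return (status, days_left) for one certificate at time `now`.

    The first two branches are the validity-period test a relying party
    applies: `now` must fall inside [notBefore, notAfter]. The third is
    an operational early warning (assumed policy, not part of validation).
    """
    not_before, not_after = _parse(cert["notBefore"]), _parse(cert["notAfter"])
    days_left = (not_after - now).days
    if now < not_before:
        return "not-yet-valid", days_left
    if now > not_after:
        return "expired", days_left
    if not_after - now <= renew_window:
        return "renew-now", days_left
    return "ok", days_left

def audit(inventory, now, renew_window=timedelta(days=30)):
    """Return [(host, status, days_left)], most urgent first."""
    rows = [(host, *validity_status(cert, now, renew_window))
            for host, cert in inventory.items()]
    return sorted(rows, key=lambda r: r[2])

if __name__ == "__main__":
    now = datetime(2013, 10, 10, tzinfo=timezone.utc)  # constructed "today"
    for host, status, days in audit(INVENTORY, now):
        print(f"{host:22} {status:14} {days:5d} days")
```

Run on a schedule against a real inventory, a report like this surfaces certificates that will lapse during a period when nobody is available to renew them.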