Starting in mid-April, over 100 posts were published on Twitter and Reddit reporting expired SSL certificates at enterprises, governmental agencies, SMBs, startups and thought leaders. Compared to the normal level of chatter about the topic, this marked an unusual increase in activity.
Why has the world suddenly begun talking about expired certificates, we wondered. In the absence of an immediately apparent answer, we took it upon ourselves to do some digging and find out.
Who’s on the List?
One of the most discussed cert expiry cases during our social media inspection involved Coinbase, a digital currency exchange.
According to their incident report, it took Coinbase around four hours to resolve the SSL expiry issue they suffered. The effect this had on a financial services company the size and stature of Coinbase was significant, entailing:
- Loss of revenue due to their website being shut down for hours
- Security hole for bad actors to try and exploit
- Loss of trust and reputation, prompting speculation about the outage occurring just as BTC was rising and traders were trying to access their accounts
It should be noted that Coinbase wasn’t the only company affected by cert outages last month. We also discovered similar problems besetting the world’s largest web developer site, a major airline, and a popular gaming hub.
Who’s to Blame?
From what we can gather, several high profile cases of lapsed SSL/TLS certificates during April can be attributed, in part, to an absent workforce. With the majority of the world either in house lockdown, furloughed, or otherwise absent from the office, tasks have gone untended, including digital certificate renewal.
It would be easy to chalk these high profile lapses up to unprecedented global events that have disrupted organizations, and left them operating with a skeleton crew. However, that is not the cause of these problems – it’s merely the accelerant. These SSL certificates were a ticking time bomb well before the world went into lockdown, just waiting for human error to overlook their renewal date, at which point they would detonate.
Most companies still manage their digital certificates manually, which accounts for why several major enterprises have wound up suffering from expired certs. With no one around to renew the certificates, they have simply been allowed to lapse.
Track and Trace
Certificate expiry incidents are unfortunate, but they teach an important lesson: the best way to avoid the problem is to automate certificate lifecycle management. We’ve previously provided a detailed comparison of manual and automated approaches and their pros and cons. The digital era we’re now living in offers amazing tools for automating such administrative tasks in a simple and cost-effective manner.
We’ve designed Keyhub for this very purpose: to suit the needs of businesses of all sizes and help them keep their digital assets up and running. Not only does it allow for all SSL and TLS certificates to be managed from one inventory, but it also keeps you notified about close-to-expiry certificates and other potential security threats to keep an eye on.