To Cert or Not To Cert
Updated: Feb 2
If you're one of those users who's favourite websites were no longer accessible on Friday October 1, 2021, you're not alone. Many websites and services reported issues on Thursday due to the expiration of a root certificate. This security certificate was provided by Let's Encrypt.
The IdentTrust DST Root CA X3 expired causing thousands if not millions sites to experience web services and connectivity issues.
Why are there certificates?
Security certificates are required to ensure that the browser connection from your device connected to a website is secure and encrypted. An expired certificate - you guessed it- no longer allows the connection to be established, and you get a nasty error message on your screen.
Were you notified?
Some readers may actually NOT have noticed anything. This can be explained in a few different ways
Your browser is so old that the certs really don't matter (IE 7)
There is no (decent) firewall between your device and the Internet
Your browser and ISP/carrier really doesn't check on any of this, and allows you access regardless.
Ad 2 is in interesting one. If you're working from an office, your firewall in between your internal network and the Internet should have flagged the expired certificate and blocked any further access. If it did, kudos to your IT department and cybersecurity engineer. Although awkward to explain to the end users, but the best protection is in place.
That leaves those office workers not getting this message. Or even more specific: those IT and cybersecurity folks managing the network that allowed the insecure(d) websites to be connected to the web browsers.
So, what next...?
Revisit your cybersecurity policies, choice of firewall vendor and and challenge your supplier. Or even better: call or contact us and learn more about from cybersecurity experts and how we protect and defend our customer's infrastructures. https://www.hexaport.io