Google: Chrome will no longer trust Symantec certificates, 30% of the web will need to switch Certificate Authorities

That reminds me, I’d better check that the renewal job is working before the 90 days are up.

2 Likes

Yes! We fell for that, too. We put an entry in our cron job and thought that was that, but turns out there was a bug in one of the update scripts coming from letsencrypt. And the renewal was failing, but we had no idea. We found out the hard way when our certs expired. Thankfully, it was a quick fix and our customers never complained, but still it was nervewracking.

1 Like

I recommend a site like Track SSL to generate notifications when your certs are near expiry. That way if your crons fail, well - you’ll get extra notifications before they expire.

3 Likes

LetsEncrypt themselves will send notifications when your certs are near expiry.

They send notifications 20 days, 10 days, and 1 day ahead of expiry.

1 Like

It is two things, well three. High, Jeremy Pickett. And former key custodian at [REDACTED].

  • EV certs are a significant source of revenue. The last one I bought was over two grand. For a single cert. And sales reps are invented by revenue.
  • Attestation for an EV is done either through Dunn and Bradstreet, or a note from your lawyer. You know, Saul Goodman.
  • Liability is then shifted from the issurer to the user. This the hilarity around this case.

There are massive incentives for collusion. When done right, CAs and PKI do really work. But as I tell to at colleagues, it has to be right, or the results are catastrophic.

Like this debacle.

3 Likes

It also helps to make sure they send emails to an address that actually works.

This happened to a friend. It is not a reflection of the IT processes of our company in any way. Not even a little.

1 Like

Thanks for the pointer. Just signed up.

2 Likes

Is it just me or did you also wonder why these “extra steps” of EV were not part of SOP for Verisign back when us admins rode dinosaurs to deal with CAs?

Also does charging extra for what should have been done in the first place not smell scammier than a set of bamboo sheets from the Boing Boing Store?

1 Like

Ouchie!

2 Likes

This topic was automatically closed after 5 days. New replies are no longer allowed.