Automating backup for the SSL-certificate: businesses need protection after an incident with Globalsign

Company’s existing online, decided to reduce their dependence on individual CAs using backup automation.

A huge number of sites have become unavailable after the cross-certificate was revoked in error during routine maintenance of GlobalSign for the purpose of cleaning some references to the root certificates.

As they say, cross-certificates allow certificates engage with the alternate root, but when it was revoked, some browsers have become incorrect to assume that the cross-certificate revoked the intermediate certificates that did not happen. Consequently, browsers began to mark such sites as unsafe, preventing access to them for security reasons.

Edsby, program developer, said that his site was damaged, along with many major sites. Globalsign removed the cross-certificate, and clear the cache, but the company’s customers still have to replace their SSL-certificates to regain access to the sites.

However, the CA stated that due to the global nature of the CDN and caching efficiency, some certificates will still generate an error.

Users who do not clear the cache would be to wait until the problem is solved itself, but Globalsign noted that they would provide an alternative issuing CA.

It is not known how many companies were affected by this, but generally GlobalSign has issued more than 25 million certificates, and public trust in the CA is very high.

The reality is that failure as a violation related to the certificates, are becoming more frequent. And it’s not a surprise, because the world is moving on the way of encryption. However, this is not acceptable, if you cannot enter the site within a few days.

Loss of income and reputational damage for the companies can reach millions of dollars. Companies want to have any automatic backup. They cannot just rely on a certification authority. Such questions will arise constantly. Companies will be required to automatically change the damaged certificates.