GlobalSign’s success as a root certificate authority this week was staggered. Certification Center was unable to maintain the usual protocols. The result was that many sites, both large and small, are faced with SSL-certificates’ problems. Some users are faced with the fact that browsers have ceased to trust sites and denied access to him.
In particular, GlobalSign had accidentally to undo its intermediate certificates, updating special cross-certificate.
It broke the chain of trust and annulled the SSL / TLS certificates issued to customers by GlobalSign. Correcting this mishap may take a few days, so users can not normally come to their pages. GlobalSign believe that the correction may take several days. The company has created a support page for IT-managers and people who are looking for ways to fix broken HTTPS-certificates.
GlobalSign said that the mass revocation of certificates was an unexpected consequence of internal changes, and believe that browsers and other software “acted incorrectly”, when rejected certificates. But then GlobalSign specialists recognized that the problem is still on their side and not on the side of the browsers.
If you are not affected by this, consider yourself lucky, because the problem does not affect all users. Reason is simple: the wide variety of caching and revocation applied by different browsers, applications and other programs. If your application has not yet canceled anything, then fine – if revoked, then you can try to delete your cache certificate revocation list.
Unfortunately, the cache cleaning – a complex process, and requires technical skill and effort.
Among the affected sites – Financial Times, Guardian, Wikipedia, Logmein, and Dropbox.