SSL certificate expiration has been making headlines lately, with Netcraft recently reporting that over 200 certificates have expired in relation to the US government shutdown. With many people wondering “What’s the big deal?”, we wanted to examine why expiration is important and outline how it affects both website owners and website visitors.
Consequences of Expired SSL
Unlike some services that renew automatically until specifically cancelled, SSL Certificates have a set expiry date. Letting an SSL Certificate expire can have a number of consequences for the website owner and also for the end user.
Website Owner:
Reduction in trust as the site becomes insecure
Decline in sales and revenue with increased shopping basket abandonments
Corporate brand and reputation adversely affected, putting the business at risk
Website User:
Warning error messages displayed by browsers when visiting the site
Personal information at risk from man-in-the-middle attacks
Individual susceptible to fraud and identity theft
How a Browser Displays Expired SSL Certificates
Browser - Google Chrome
Browser - Mozilla Firefox
Browser - Internet Explorer
As you can see, the warning messages vary from browser to browser, and these inconsistencies may cause end users to simply click through the error messages without fully reading or understanding the message itself. We highly recommend that all warning messages are read and responded to appropriately, as opposed to automatically ignoring the message and clicking through to the site.
If you are unsure about the implication of the warning, click the explanatory links such as “Help me understand” or “Learn More”. These links provide important details that can assist in the decision-making process.
Protect Your Website and Visitors
“Until US Congress resumes services it is inevitable that we will see expired certificates and this example just goes to show how vulnerable organizations who are susceptible to shutdown can be,” said GlobalSign’s VP of Product Management, Doug Beattie. “We predict that over 600 SSL Certificates currently securing a .gov domain due to expire in October will be potentially affected. To minimize the impact, current automated SSL Certificate life cycle management tools can help in terms of best practice when managing SSL reliance during unforeseen outages.”
Government websites are independently relied upon by the public and today are seen as prime targets for cyber-attacks; therefore it is important to ensure that critical national infrastructures retain adequate management systems to eliminate risk, whilst encouraging website visitors to react appropriately to potential vulnerabilities.
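Because certificates carry a fixed expiry date, the core of the automated life cycle monitoring mentioned above is a scheduled check of each certificate's validity window. The following Python is an added example, not code from the original article or from any GlobalSign tool; the host names under the reserved .example domain, the dates and the 30-day warning threshold are constructed assumptions.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

def parse_cert_time(value):
    """Convert a getpeercert() time such as 'Oct 15 12:00:00 2013 GMT' to UTC."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

def expiry_status(cert, now, warn_days=30):
    """Classify a certificate dict (ssl.getpeercert() layout) by validity window."""
    not_before = parse_cert_time(cert["notBefore"])
    not_after = parse_cert_time(cert["notAfter"])
    if now < not_before:
        return "not-yet-valid", not_after
    if now >= not_after:
        return "expired", not_after
    if not_after - now <= timedelta(days=warn_days):
        return "expiring-soon", not_after
    return "ok", not_after

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a validated peer certificate (needs network; not called below).
    A server presenting an expired certificate fails the handshake with
    ssl.SSLCertVerificationError, which a monitor should record as a finding."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(inventory, now, warn_days=30):
    """Return (host, status, not_after) rows, earliest expiry first."""
    rows = [(host, *expiry_status(cert, now, warn_days)) for host, cert in inventory.items()]
    return sorted(rows, key=lambda row: row[2])

# Constructed sample inventory: hypothetical hosts and dates, not real data.
SAMPLE = {
    "portal.agency.example": {"notBefore": "Oct 05 00:00:00 2012 GMT", "notAfter": "Oct 05 00:00:00 2013 GMT"},
    "forms.agency.example": {"notBefore": "Oct 20 00:00:00 2012 GMT", "notAfter": "Oct 20 00:00:00 2013 GMT"},
    "data.agency.example": {"notBefore": "Mar 12 00:00:00 2013 GMT", "notAfter": "Mar 12 00:00:00 2015 GMT"},
    "beta.agency.example": {"notBefore": "Nov 01 00:00:00 2013 GMT", "notAfter": "Nov 01 00:00:00 2014 GMT"},
}
NOW = datetime(2013, 10, 10, tzinfo=timezone.utc)  # constructed "current" date

if __name__ == "__main__":
    for host, status, not_after in audit(SAMPLE, NOW):
        print(f"{host:24} {status:14} {not_after:%Y-%m-%d}")
```

Run on a schedule against a real inventory, the "expiring-soon" rows are the ones to renew before visitors ever see a browser warning.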