DigiCert’s 24-Hour Certificate Chaos: Thousands Scramble, Critical Services at Risk

DigiCert’s SSL/TLS certificate revocation sweep affects tens of thousands, sparking chaos. Customers scramble to replace certificates on short notice, with some warning of real-world safety implications. Lawsuits ensue, and DigiCert admits the challenge of meeting 24-hour revocation requirements. IT teams are pulling all-nighters—hope they get…

Hot Take:

“When life gives you lemons, make lemonade,” they say. But when DigiCert hands you a 24-hour notice to replace thousands of SSL/TLS certificates, make sure you have a very large and highly caffeinated IT team on speed dial.

Key Points:

  • DigiCert’s SSL/TLS certificate revocation affects tens of thousands of customers due to a five-year-old programming flaw.
  • The flaw involved broken domain ownership validation and random numbers, impacting 83,267 certificates for 6,807 subscribers.
  • Many critical infrastructure and healthcare organizations are struggling to meet the 24-hour revocation deadline.
  • DigiCert is providing limited extensions under “exceptional circumstances,” but all certificates must be replaced by August 3, 2024.
  • Affected IT teams are working overtime, with some organizations facing potential safety risks due to the short notice.
