Attention Whitehouse: You Need to Re-Issue Your SSL Certificate
The new website looks great, but just a heads up, you need to reissue your SSL
The Trump Administration unveiled the new Whitehouse.gov website on Friday. And, ignoring politics for a second, it looks great. It’s been streamlined, cleaned up and it’s going to cost half as much to run as the last one. All good things.
But, as I was perusing the new layout I did notice one, small, minuscule thing you may want to take care of sooner, rather than later: your SSL certificate needs to be re-issued.
Now, you should make it a habit to take a gander at a site’s SSL certificate whenever you arrive for the first time, and before purchases. But, I realize that’s a lot like the dentist reminding you to floss – it’s good hygiene but most of you aren’t going to do it.
But I do, and the Whitehouse appears to be using a Symantec OV wildcard certificate that just barely misses the cutoff for distrust. You’re going to need to re-issue your SSL certificate.
Why does the Whitehouse need to re-issue its SSL certificate?
That all comes back to the situation that played out between Google/Mozilla and Symantec over the Summer. We covered it in-depth as it happened, but if you haven’t been following, the abridged version is that Google and Mozilla felt Symantec was doing a poor job of overseeing some of its managed partners, third-party organizations that handle validation in other regions of the world.
So the companies got together and arrived at a solution where Symantec’s old roots, and all the certificates that had been signed off of them, would be distrusted in phases as Symantec rebuilt its PKI. In the interim, Symantec sold its CA operation and all associated assets to DigiCert who will be handling validation and issuance on behalf of Symantec.
DigiCert began issuing for Symantec on December 1, 2017. As a result, any Symantec SSL certificate issued after December 1st is free and clear. Unfortunately, the Whitehouse got its certificate issued 9 days too early, on November 21, 2017.
There’s no rush, the Whitehouse has until September 13, 2018. As long as the certificate gets re-issued and installed before then, everything will be fine.
If not, well, you’ll be able to add Google Chrome and Mozilla Firefox to the list of people and things that distrust the Whitehouse.
This could affect you, too!
While the Whitehouse’s website serves as a very visible example, it’s far from the only site that will need to re-issue its SSL certificate in the coming weeks and months.
We will have a much more in-depth article covering all the details tomorrow, but for now here’s the abridged version:
- If your website uses an SSL certificate from Symantec, RapidSSL, GeoTrust or Thawte, and it was issued before June 1, 2016, you need to re-issue your certificate before March 15, 2018.
- If your website uses an SSL certificate from Symantec, RapidSSL, GeoTrust or Thawte, and it was issued after June 1, 2016, but before December 1, 2017, you need to re-issue your certificate before September 13, 2018.
Symantec and DigiCert will be completing all re-issuances for free. You’ll want to give yourself time and not wait until the last minute though. Just some friendly advice.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown