Don’t be like LinkedIn, Don’t let your SSL certificate expire

Much of the globe couldn’t access LinkedIn yesterday because of an SSL expiry.

If you had trouble yesterday logging into LinkedIn – the social network for professionals – you are not alone. LinkedIn let its SSL certificate expire yesterday, a blunder that kept millions from accessing the website and left those who were able to log on without a secure connection.

As one security researcher told The Register:

“Simply put, [letting your SSL certificate expire] will erode trust with visitors to your site. For a site like LinkedIn that could matter a great deal when people come to trust them with more data, something LinkedIn is always encouraging you to do – ‘complete your profile’.”

Venafi VP Kevin Bocek added:

“LinkedIn’s blunder demonstrates why keeping in control of certificates is so important. While LinkedIn will have thousands of certificates to keep track of, outages like yesterday’s show that it only takes one expiry to cause problems. To stay in control, organisations should look to automate the discovery, management and replacement of every single certificate on its network.”

The outage affected:

  • us.linkedin.com
  • uk.linkedin.com
  • ca.linkedin.com

And many more. As of now LinkedIn has a DigiCert OV SSL certificate installed and is back up and active.

Don’t let SSL expiration happen to you

This is one of our most repeated refrains: don’t let your SSL certificate expire. For a company as large as LinkedIn, the biggest issue is visibility. That is also one of the biggest challenges faced by the enterprise clients of our parent company, The SSL Store.

For an Enterprise client there are plenty of management systems that can help. We’ll never try to sell you any specific product or promote our own business interests on this blog – we enjoy a great degree of autonomy – but there are some really superb digital certificate management systems that scale to Enterprise level from:

  • Comodo
  • Symantec
  • DigiCert
  • Venafi

Setup for these programs is typically quick and simple, and they provide you with visibility, discovery and the tools to order, issue and renew SSL certificates as needed. I really can’t recommend that enough for Enterprises. Just one slip-up – like LinkedIn had yesterday – can cause catastrophic results.

Now, is LinkedIn going to be in trouble in the long run? Probably not. If anything this should jar the company into better certificate management practices. But let’s say for instance you’re not an Enterprise and you’re only managing a couple of certificates for a domain and a mail server. Unlike with LinkedIn, which relies on a community of repeat users, this could be someone’s first impression of you and your company.

What does it say that you couldn’t keep your SSL certificates valid? That’s hardly the kind of opening statement you want to make to your customers.

Look, the point is that SSL expiry can happen to anyone. But it’s a preventable problem. From the smallest businesses to the biggest enterprises there are great tools for managing your SSL certificates and preventing expirations.

Because when it happens, you have no one to blame but yourself.
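For the small case described above, a couple of certificates for a domain and a mail server, a scheduled expiry check is enough to catch the problem early. The Python script below is an added example, not code from the original article; the host names, the 30-day renewal window and the function names are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal window, not a value from the article
# Placeholder inventory (constructed): a web server and an implicit-TLS mail port.
INVENTORY = [("example.com", 443), ("mail.example.com", 465)]


def days_left(not_after, now):
    """Whole days until expiry, from a getpeercert()-style notAfter string."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days


def classify(not_after, now, warn_days=WARN_DAYS):
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "EXPIRED"
    return "RENEW" if remaining <= warn_days else "OK"


def fetch_not_after(host, port, timeout=5.0):
    """Return (notAfter, None), or (None, reason) when the handshake fails."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert()["notAfter"], None
    except ssl.SSLCertVerificationError as exc:
        # An already-expired certificate is rejected during verification, so
        # the failed handshake is itself the finding to report.
        return None, exc.verify_message
    except OSError as exc:
        return None, str(exc)


def check_inventory(hosts, now=None, fetch=fetch_not_after):
    """Map "host:port" to OK, RENEW, EXPIRED or FAILED (reason)."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for host, port in hosts:
        not_after, error = fetch(host, port)
        status = classify(not_after, now) if not_after else f"FAILED ({error})"
        report[f"{host}:{port}"] = status
    return report


if __name__ == "__main__":
    for target, status in check_inventory(INVENTORY).items():
        print(f"{target}: {status}")
```

Run it on a schedule and alert on anything other than OK. Mail servers that only offer STARTTLS on port 25 or 587 need a protocol-aware client rather than this direct TLS connection.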

What we Hashed Out (for Skimmers)

Here’s what we covered in today’s discussion:

  • LinkedIn let its SSL certificate expire on Sunday
  • The expiration caused outages and potentially damaged its customers’ trust in it
  • It’s easy to avoid these issues with a good digital certificate management platform.

 

2 comments
  • What exactly is the process when a certificate expires?

    Can I just pay a fee and it continues to be valid (like domain rego) or do I have to buy a new certificate and fuss around with my server setup all over again??

    (I am still in my first year of my first ssl certificate)

  • You will need to go through the whole process again, generate a CSR or use the previously generated one (not recommended), purchase a certificate, do the validation and install the certificate again.

    The only part you would not do is the initial configuration of your HTTP Server, Nginx/Apache/IIS etc.

Author

Patrick Nohe

Hashed Out’s Editor-in-Chief also serves as Content Manager for The SSL Store™.