{"id":8301,"date":"2019-01-18T15:40:12","date_gmt":"2019-01-18T20:40:12","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=8301"},"modified":"2019-04-16T11:38:40","modified_gmt":"2019-04-16T15:38:40","slug":"more-websites-breaking-as-certificates-expire-during-government-shutdown","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/more-websites-breaking-as-certificates-expire-during-government-shutdown\/","title":{"rendered":"More websites breaking as certificates expire during government shutdown"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">The count is now over 130, clearly certificate management is not an &#8220;essential function&#8221; of government.<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">As we reported last week, <a href=\"https:\/\/www.thesslstore.com\/blog\/the-government-shutdown-is-catastrophic-for-us-cybersecurity\/\">due to the current shutdown, many key security personnel are furloughed<\/a> with only those serving \u201cessential\u201d functions staying on. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Then we touched on the fact that, clearly, certificate management wasn\u2019t seen as essential because <a href=\"https:\/\/www.thesslstore.com\/blog\/80-gov-ssl-tls-certificates-have-expired-during-the-shutdown\/\">over 80 government websites had now suffered a certificate expiry<\/a>, making many unreachable.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Predictably, that trend has continued, there are now over\n130 broken websites as a result of expired SSL\/TLS certificates.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">So today we\u2019ll look a little deeper at the problem, and then\ngive a list of all the websites that are set to expire if the shutdown continues.<\/p>\n\n\n\n<p>Let\u2019s hash it out<\/p><span id=\"newline\"><\/span>\n\n\n\n<h2 class=\"wp-block-heading\">This certificate expiration problem looks to get a lot worse<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">What\u2019s frustrating about this entire issue is that it\u2019s\neasily avoidable and also easily fixed, it\u2019s just not a big enough problem that\nthe parties responsible have been ordered back to work, <a href=\"https:\/\/www.washingtonpost.com\/technology\/2019\/01\/17\/shutdown-is-steadily-devouring-us-government-websites\/?noredirect=on&amp;utm_term=.4ee758190f3c\">as\nthe Washington Post reports<\/a>:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>The certificates are designed to expire \u2014 some as frequently as every three months \u2014 to prevent a malicious actor from obtaining them and then impersonating a legitimate site. But it is rare for an expiration to last very long.<\/p><\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">How much worse could this get? <a href=\"https:\/\/techcrunch.com\/2019\/01\/17\/federal-https-domains-expire-government-shutdown\/\">TechCrunch has compiled a list<\/a> of prominent websites with certificates set to expire in the next month and a half. It\u2019s not good:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Expired:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/disasterhousing.gov\">disasterhousing.gov<\/a>\n\u2014 December 28<\/li><li><a href=\"https:\/\/landimaging.gov\">landimaging.gov<\/a>\n\u2014 January 3<\/li><li><a href=\"https:\/\/earthsystemprediction.gov\">earthsystemprediction.gov<\/a>\n\u2014 January 11 \u2014&nbsp;the National Earth System Prediction Capability<\/li><li><a href=\"https:\/\/manufacturing.gov\">manufacturing.gov<\/a>\n\u2014 January 14 \u2014 a portal highlighting national manufacturing initiatives.<\/li><li><a href=\"https:\/\/nationalhousinglocator.gov\">nationalhousinglocator.gov<\/a>\n\u2014 January 16<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Expiring in January:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/scidac.gov\">scidac.gov<\/a> \u2014\nJanuary 23<\/li><li><a href=\"https:\/\/ginniemae.gov\">ginniemae.gov<\/a>\n\u2014 January 23<\/li><li><a href=\"https:\/\/reportband.gov\">reportband.gov<\/a>\n\u2014 January 23<\/li><li><a href=\"https:\/\/mojavedata.gov\">mojavedata.gov<\/a>\n\u2014 January 26<\/li><li><a href=\"https:\/\/congressionaldirectory.gov\">congressionaldirectory.gov<\/a>\n\u2014 January 30 \u2014 a redirect&nbsp;to the directory of Congress<\/li><li><a href=\"https:\/\/congressionalrecord.gov\">congressionalrecord.gov<\/a>\n\u2014 January 30 \u2014 another redirect to the&nbsp;congressional record<\/li><li><a href=\"https:\/\/fdsys.gov\">fdsys.gov<\/a> \u2014\nJanuary 30<\/li><li><a href=\"https:\/\/housecalendar.gov\">housecalendar.gov<\/a>\n\u2014 January 30 \u2014 a redirect pointing&nbsp;hosting the House calendar<\/li><li><a href=\"https:\/\/presidentialdocuments.gov\">presidentialdocuments.gov<\/a>\n\u2014 January 30 \u2014 Compilation of Presidential Documents<\/li><li><a href=\"https:\/\/senatecalendar.gov\">senatecalendar.gov<\/a>\n\u2014 January 30 \u2014 a redirect to the&nbsp;Senate calendar<\/li><li><a href=\"https:\/\/uscode.gov\">uscode.gov<\/a> \u2014\nJanuary 30<\/li><li><a href=\"https:\/\/donaciondeorganos.gov\">donaciondeorganos.gov<\/a>\n\u2014 January 30<\/li><li><a href=\"https:\/\/www.fishwatch.gov\">www.fishwatch.gov<\/a>\n\u2014 January 30<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Federal domains that will expire by mid-February<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/ferc.gov\">ferc.gov<\/a> \u2014\nFebruary 1 \u2014 Federal Energy Regulatory Commission<\/li><li><a href=\"https:\/\/askkaren.gov\">askkaren.gov<\/a>\n\u2014 February 1<\/li><li><a href=\"https:\/\/befoodsafe.gov\">befoodsafe.gov<\/a>\n\u2014 February 1 \u2014 a redirecting link to the Department of Agriculture<\/li><li><a href=\"https:\/\/foodsafetyjobs.gov\">foodsafetyjobs.gov<\/a>\n\u2014 February 1<\/li><li><a href=\"https:\/\/isitdoneyet.gov\">isitdoneyet.gov<\/a>\n\u2014 February 1<\/li><li><a href=\"https:\/\/pregunteleakaren.gov\">pregunteleakaren.gov<\/a>\n\u2014 February 1<\/li><li><a href=\"https:\/\/www.democraticleader.gov\">www.democraticleader.gov<\/a>\n\u2014 February 2 \u2014 website of the House majority leader<\/li><li><a href=\"https:\/\/majorityleader.gov\">majorityleader.gov<\/a>\n\u2014 February 2 \u2014 redirecting link to the House majority\u2019s&nbsp;page<\/li><li><a href=\"https:\/\/www.democraticwhip.gov\">www.democraticwhip.gov<\/a>\n\u2014 February 2 \u2014 website of the Congressional Democratic whip<\/li><li><a href=\"https:\/\/majoritywhip.gov\">majoritywhip.gov<\/a>\n\u2014 February 2 \u2014 redirecting link to Democratic whip\u2019s page<\/li><li><a href=\"https:\/\/llnl.gov\">llnl.gov<\/a> \u2014\nFebruary 2 \u2014 Lawrence Livermore National Laboratory<\/li><li><a href=\"https:\/\/moneyfactory.gov\">moneyfactory.gov<\/a>\n\u2014 February 6<\/li><li><a href=\"https:\/\/federalregister.gov\">federalregister.gov<\/a>\n\u2014 February 7 \u2014 the Federal Register<\/li><li><a href=\"https:\/\/wlci.gov\">wlci.gov<\/a> \u2014\nFebruary 7<\/li><li><a href=\"https:\/\/fedrooms.gov\">fedrooms.gov<\/a>\n\u2014 February 10<\/li><li><a href=\"https:\/\/floodsmart.gov\">floodsmart.gov<\/a>\n\u2014 February 10 \u2014 the National Flood Insurance Program<\/li><li><a href=\"https:\/\/www.casl.gov\">www.casl.gov<\/a>\n\u2014 February 11<\/li><li><a href=\"https:\/\/geoplatform.gov\">geoplatform.gov<\/a>\n\u2014 February 12 \u2014 the U.S. Geospatial Platform<\/li><li><a href=\"https:\/\/fatherhood.gov\">fatherhood.gov<\/a>\n\u2014 February 13<\/li><li><a href=\"https:\/\/eeoc.gov\">eeoc.gov<\/a> \u2014\nFebruary 13 \u2014 the Equal Employment Opportunity Commission<\/li><li><a href=\"https:\/\/www.faa.gov\">www.faa.gov<\/a> \u2014\nFebruary 13 \u2014 the Federal Aviation Administration<\/li><li><a href=\"https:\/\/grants.gov\">grants.gov<\/a> \u2014\nFebruary 15<\/li><li><a href=\"https:\/\/indianaffairs.gov\">indianaffairs.gov<\/a>\n\u2014 February 15 \u2014 Department of the Interior\u2019s Indian Affairs bureau<\/li><li><a href=\"https:\/\/jusfc.gov\">jusfc.gov<\/a> \u2014\nFebruary 15<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Federal domains that will expire by the end of February<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/bia.gov\">bia.gov<\/a> \u2014 February\n18 \u2014 another link to Indian Affairs<\/li><li><a href=\"https:\/\/presidentialinnovationfellows.gov\">presidentialinnovationfellows.gov<\/a>\n\u2014 February 18<\/li><li><a href=\"https:\/\/usich.gov\">usich.gov<\/a> \u2014\nFebruary 18<\/li><li><a href=\"https:\/\/cdfifund.gov\">cdfifund.gov<\/a>\n\u2014 February 18<\/li><li><a href=\"https:\/\/home.treasury.gov\">home.treasury.gov<\/a>\n\u2014 February 18 \u2014 the end domain to the U.S. Treasury homepage<\/li><li><a href=\"https:\/\/financialstability.gov\">financialstability.gov<\/a>\n\u2014 February 18<\/li><li><a href=\"https:\/\/fsoc.gov\">fsoc.gov<\/a> \u2014\nFebruary 18<\/li><li><a href=\"https:\/\/irsauctions.gov\">irsauctions.gov<\/a>\n\u2014 February 18<\/li><li><a href=\"https:\/\/irssales.gov\">irssales.gov<\/a>\n\u2014 February 18<\/li><li><a href=\"https:\/\/makinghomeaffordable.gov\">makinghomeaffordable.gov<\/a>\n\u2014 February 18<\/li><li><a href=\"https:\/\/mha.gov\">mha.gov<\/a> \u2014 February\n18<\/li><li><a href=\"https:\/\/sigtarp.gov\">sigtarp.gov<\/a> \u2014\nFebruary 18<\/li><li><a href=\"https:\/\/treas.gov\">treas.gov<\/a> \u2014\nFebruary 18<\/li><li><a href=\"https:\/\/ustreas.gov\">ustreas.gov<\/a> \u2014\nFebruary 18 \u2014 a redirect to the U.S. Treasury<\/li><li><a href=\"https:\/\/capnhq.gov\">capnhq.gov<\/a> \u2014\nFebruary 19 \u2014 another redirect link to the U.S. Treasury<\/li><li><a href=\"https:\/\/fdicseguro.gov\">fdicseguro.gov<\/a>\n\u2014 February 19<\/li><li><a href=\"https:\/\/sftool.gov\">sftool.gov<\/a> \u2014\nFebruary 21<\/li><li><a href=\"https:\/\/nlm.gov\">nlm.gov<\/a> \u2014 February\n21 \u2014 the National Library of Medicine<\/li><li><a href=\"https:\/\/bea.gov\">bea.gov<\/a> \u2014 February\n22<\/li><li><a href=\"https:\/\/opioids.gov\">opioids.gov<\/a> \u2014\nFebruary 22 \u2014 the White House\u2019s page on the opioids epidemic<\/li><li><a href=\"https:\/\/jamesmadison.gov\">jamesmadison.gov<\/a>\n\u2014 February 24<\/li><li><a href=\"https:\/\/usitc.gov\">usitc.gov<\/a> \u2014\nFebruary 24 \u2014 the U.S. International Trade Commission<\/li><li><a href=\"https:\/\/arctic.gov\">arctic.gov<\/a> \u2014\nFebruary 25<\/li><li><a href=\"https:\/\/inspire2serve.gov\">inspire2serve.gov<\/a>\n\u2014 February 26<\/li><li><a href=\"https:\/\/usaspending.gov\">usaspending.gov<\/a>\n\u2014 February 26<\/li><li><a href=\"https:\/\/sec.gov\">sec.gov<\/a> \u2014 February\n26 \u2014 the Securities and Exchange Commission<\/li><li><a href=\"https:\/\/everytrycounts.gov\">everytrycounts.gov<\/a>\n\u2014 February 27<\/li><li><a href=\"https:\/\/abandonedmines.gov\">abandonedmines.gov<\/a>\n\u2014 February 27<\/li><li><a href=\"https:\/\/malwareinvestigator.gov\">malwareinvestigator.gov<\/a>\n\u2014 February 28 \u2014 the FBI\u2019s malware analysis site<\/li><li><a href=\"https:\/\/va.gov\">va.gov<\/a> \u2014 February\n28 \u2014 Department of Veterans Affairs<\/li><li><a href=\"https:\/\/code.gov\">code.gov<\/a> \u2014\nFebruary 28 \u2014 Code.gov for Sharing America\u2019s Code<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">What makes this problem worse is that many of these websites have been added to the <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-hypertext-strict-transport-security-hsts\/\">HSTS preload list<\/a>. The preload list, which is used by all major browsers, forces HTTPS connections anytime someone attempts to access the site. This is great for security, unless your certificate is expired. Then it breaks your site, making it impossible to access.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When we say that websites are \u201cbroken,\u201d this is what\u2019s\nmeant.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Will all of these sites break?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">While there doesn\u2019t seem to be any indication that either of\nthe sides are relenting, the shutdown is going to end eventually. But, my bet\nis that before that you\u2019ll see the individuals responsible called in to fix the\nproblem.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That, or someone else that usually isn\u2019t tasked with\ncertificate management will be called on to do it. That could actually cause\neven more problems because it will be occurring outside of the usual work flows\nand that\u2019s how you end up with shadow certificates \u2013 and those cause problems,\ntoo. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Either way, this can\u2019t continue to happen much longer. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Ironically, this may be one of the most tangible ways that\nmany Americans feel the shutdown. It would prove highly amusing if this issue,\nlack of access to government websites, is one of the things that incited the\npublic enough to start pressuring representatives and senators for a\nresolution.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>As always, leave any comments or questions below\u2026<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"267\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568-1024x267.jpg\" alt=\"Hashed Out by The SSL Store is the voice of record in the SSL\/TLS industry.\" class=\"wp-image-7276\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568-1024x267.jpg 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568-300x78.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568-768x200.jpg 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568.jpg 1559w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>The count is now over 130, clearly certificate management is not an &#8220;essential function&#8221; of government. As we reported last week, due to the current shutdown, many key security personnel&#8230;<\/p>\n","protected":false},"author":6,"featured_media":8302,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16],"tags":[],"class_list":["post-8301","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","post-without-tags"],"views":39626,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/01\/bigstock-Government-Shutdown-concept-172636049.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/8301","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=8301"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/8301\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/8302"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=8301"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=8301"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=8301"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}