Yes, SSL Certificates do Expire!

Why you should keep track of your SSL Certificate Expiries…

SSL, or Secure Sockets Layer, is an internet protocol designed to keep your communication safe from prying eyes.  SSL is an older cryptographic protocol that has since been all but replaced by the more secure Transport Layer Security (TLS), but when referring to security and encryption on the internet, people will generally say SSL even if they are talking about TLS. The same goes for the certificates that websites use to encrypt your traffic: “SSL certs” are typically used with TLS these days.

Why should you use SSL?

You should primarily use SSL, or HTTPS, to secure your communications from prying eyes, so that they remain private.  If you are running a website that takes in any kind of user input, you should be using SSL/HTTPS to secure it for your clients/users. This allows your clients/users to have confidence in your site and your company. It can also be used as a way to identify your site as part of your company, if perhaps the domain name is different to the company/brand name.

If you are using an online service, you should make sure you are using their HTTPS link or URL, especially if there are any forms or logins required!  There are many ways to get SSL certificates for your site/service. Depending on the level of security required, they can range from free to hundreds or thousands of euros/pounds/dollars.  In recent years, there has been a big push by the internet community to move more and more sites to using SSL/HTTPS by default.  The Internet Security Research Group (ISRG) has set up its own Certificate Authority called Let’s Encrypt, which offers free automated SSL certificates for your websites/services.

SSL Certificates are created to expire!

All SSL certificates have a shelf life. They are only valid from a certain date and valid to a certain date (the expiry date).  There are a number of reasons for this:

  • To ensure older certificates are replaced with newer, stronger cryptographic technologies, forcing the older insecure technologies to be deprecated over time.
  • To make sure the certificate details are kept up-to-date, such as server hostname, Company details, etc.

The validity period will depend on the certificate authority you use and your budget.  Most SSL certificates are created with a one-year validity, which allows the administrators greater flexibility to move to a different authority if needed.  Let’s Encrypt, the free Certificate Authority mentioned earlier, only provides 90-day validity but has mechanisms in place to allow for auto-renewal/replacement of the certificate.  A short validity period doesn’t make a certificate any less secure. In fact, it can actually help security, as the certs are being replaced with newer ones more frequently, meaning hackers have only a short window to attempt to crack the encryption before it all changes again.

What happens if your SSL Certificates expire?

It’s not a good idea to let your SSL certificates expire. It can have a number of impacts on your business…

Trust

If your customers are used to seeing your site as secure, they are confident their data is also secure. However, if they suddenly start seeing browser warnings about the loss of privacy, their trust in your site, your brand, your company will be reduced!

Loss of service

If you are running an API for example, client services feeding off your API will most likely refuse to connect to your API until the expired certificate is replaced. This will impact your clients and their services and, again, damage your reputation.

How do you know if a site’s SSL certificate has expired?

If you are a Google Chrome user, the image to the right is how you will be notified if a site’s SSL certificate has expired.

If you use a different browser, you can click on this special link to see how your browser handles a site with an expired SSL certificate: https://expired.badssl.com (It’s part of a test site for all things SSL).

Yes, even the big brands sometimes forget to renew their SSL Certs!

The validity period for SSL certificates, while being important to the overall security, is one of the most frustrating parts of SSL: you have to apply for and generate new certificates every year or so (or whatever period your certificate uses).  However, even the biggest brands or firms seem to allow this periodic process to slip past every once in a while.

Some of the biggest internet names have fallen foul of expired SSL certs. Instagram’s site started showing warnings in users’ browsers in April 2015. In 2013, Microsoft’s Azure Cloud Platform had an expired SSL certificate impacting all its customers. Google too had a similar issue with Gmail back in 2008 due to an expired SSL certificate.  While these outages only lasted a couple of hours, they nonetheless impacted the brands’ reputations.

And all these companies have teams of people responsible for tracking this sort of thing and even they can get it wrong! Perhaps their notifications were falling on deaf ears or dormant email addresses? Or they were monitoring the wrong address? Who knows. Either way, if you use SSL on your site or service, the expiry dates need to be monitored and tracked, regardless of your organisation size!
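A minimal expiry check of the kind described above, as an added example (not code from this article or from any vendor's product). The 30-day warning threshold, the function names and the `.example` hostnames are assumptions chosen for illustration.

```python
import socket
import ssl
import time

WARN_DAYS = 30  # assumed alert threshold; not a value from the article
CERT_HAS_EXPIRED = 10  # OpenSSL X509_V_ERR_CERT_HAS_EXPIRED


def days_remaining(not_after, now=None):
    """Whole days until the certificate's notAfter date (negative once expired)."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(days, warn_days=WARN_DAYS):
    if days < 0:
        return "EXPIRED"
    return "RENEW SOON" if days <= warn_days else "OK"


def fetch_not_after(host, port=443, timeout=5.0):
    """Complete a verified TLS handshake and return the leaf cert's notAfter string."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def check(host, fetch=fetch_not_after, now=None):
    """Return (host, status, days_left); days_left is None when no date was read."""
    try:
        not_after = fetch(host)
    except ssl.SSLCertVerificationError as exc:
        # An already-expired cert fails the handshake, just as a browser would reject it.
        expired = getattr(exc, "verify_code", None) == CERT_HAS_EXPIRED
        return (host, "EXPIRED" if expired else "INVALID", None)
    except OSError:
        return (host, "UNREACHABLE", None)
    days = days_remaining(not_after, now)
    return (host, classify(days), days)


if __name__ == "__main__":
    # Constructed inventory so the demo runs offline; omit `fetch=` to query real hosts.
    sample = {"shop.example": "Jan  5 09:34:43 2018 GMT",
              "api.example": "Jan  5 09:34:43 2040 GMT"}
    for name in sample:
        print(check(name, fetch=sample.__getitem__))
```

Run on a schedule against every hostname you serve, and send the results to a shared mailbox or alerting channel rather than one person's inbox.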

About Support Renewals (hello@supportrenewals.com)

Our web platform is the best place for you to keep track of all your SSL certificate expiries, IT renewals, hardware and software support renewals, IT contracts, licenses, domain name registrations and all other renewals.  We are vendor agnostic, so you can use our platform to keep track of renewals from any vendor, new or old! Our dashboard gives you an overview of your renewals due throughout the year, giving you better forecasting and budgeting, always knowing what renewals are coming up and how much they previously cost you through our fully searchable tables and easy to use interface.

Our new SSL Certificate tracker allows you to quickly add your SSL cert(s) and pre-populate our Add Renewal Form with the certificate expiration date and the issuer details. Once added, we’ll notify you and your team when your certificate expiry is approaching, regardless of who originally issued or created your certificate.

Sign up today for your free account and get on top of your renewals once and for all! It only takes a few minutes to get started… https://www.supportrenewals.com
