DigiCert’s 24-Hour Certificate Chaos: Thousands Scramble, Critical Services at Risk
DigiCert’s SSL/TLS certificate revocation sweep affects tens of thousands, sparking chaos. Customers scramble to replace certificates on short notice, with some warning of real-world safety implications. Lawsuits ensue, and DigiCert admits the challenge of meeting 24-hour revocation requirements. IT teams are pulling all-nighters—hope they get more than a $10 Uber Eats gift card!

Hot Take:
“When life gives you lemons, make lemonade,” they say. But when DigiCert hands you a 24-hour notice to replace thousands of SSL/TLS certificates, make sure you have a very large and highly caffeinated IT team on speed dial.

Key Points:
- DigiCert’s SSL/TLS certificate revocation affects tens of thousands of customers due to a five-year-old programming flaw.
- The flaw involved broken domain ownership validation and random numbers, impacting 83,267 certificates for 6,807 subscribers.
- Many critical infrastructure and healthcare organizations are struggling to meet the 24-hour revocation deadline.
- DigiCert is providing limited extensions under “exceptional circumstances,” but all certificates must be replaced by August 3, 2024.
- Affected IT teams are working overtime, with some organizations facing potential safety risks due to the short notice.