DigiCert Plans to Revoke Thousands of SSL/TLS Certificates

DigiCert has asked customers to replace SSL and TLS certificates due to strict CA/Browser Forum (CABF) regulations. Learn more about the incident’s developments and what it could mean for DigiCert customers.

August 2, 2024


  • DigiCert is set to start a mass revocation of SSL/TLS certificates on August 3 due to non-compliance issues with domain control verification.
  • DigiCert has clarified that more than 83,000 certificates and 6,800 of its subscribers were to be affected.

In a major development that has shocked the cybersecurity community, DigiCert, a leading provider of TLS/SSL, PKI, IoT, and signing solutions and digital certificates, has announced the revocation of over 83,000 SSL/TLS certificates, which will impact approximately 6,800 customers. The move will likely generate urgent responses and precautionary measures from various sectors, including critical infrastructure.

The Incident

On July 30, DigiCert publicly disclosed the incident regarding incorrect certificate issuance, which made the revocation necessary. According to DigiCert, the root cause was traced to a malfunctioning system at the certificate authority, which resulted in the issuance of certificates without validation checks. The incident impacted the integrity of the affected certificates, creating security risks.

The revocation affects more than 83,000 certificates, including those of organizations in critical infrastructure sectors. The impacted certificates are essential to ensure secure communications over the internet. Consequently, security issues could expose sensitive data to unauthorized access.

The incident has sparked discussions about the efficacy of certificate management practices and the need for better validation processes. It also highlights the role of certificate authorities in maintaining internet security.


Security Response and Extensions

In response to the incident, DigiCert announced plans to revoke the affected certificates by August 3. However, recognizing the impact of a revocation on such a wide scale, especially for critical infrastructure, the company has granted extensions to certain customers. Encouraged by the Cybersecurity and Infrastructure Security Agency (CISA), the certificate authority plans to mitigate the risk of outages and operational challenges.

The CISA has issued an advisory highlighting the importance of the revocation process and the need for extensions to prevent disruptions in critical services. The agency has recommended that any affected organizations promptly replace certificates and monitor security measures during the transition period.

Mitigation Measures

DigiCert has bolstered its support services to help affected customers promptly replace the impacted certificates. The company is also providing customers with resources and detailed guidance on completing the process, ensuring minimal downtime and the security of digital communications.

As DigiCert works to fix the problem, it is essential for affected customers to ensure that the certificates are replaced securely and on time. The company has reassured its users about its commitment to security and transparency standards, promising to learn from this incident and strengthen its systems against future threats.

Takeaways

While the DigiCert incident highlights a significant vulnerability, the cybersecurity community has praised the company’s prompt response and transparency. Experts highlight the need to monitor and improve security protocols to prevent similar incidents.

The DigiCert certificate revocation incident is a stark reminder of digital security’s complex and critical nature. The immediate need is to mitigate the impact on affected customers. The long-term goal, however, is to bolster the resilience of cybersecurity infrastructure, ensuring that such vulnerabilities are managed and mitigated for the foreseeable future.


Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.