Security Risks When Certifcates Expire

Have you ever wondered what happens when a certificate expires?
Certificates are a critical component of keeping a platform operational and secure.   All organization’s assets use certificates.   Servers and Workstations have many certificates and are critical for continuous operations.

Certificates expire over a period of time and need to be renewed.   There are no expiry warning messages and IT Admins need to remember to take care of it.  It is common that the renewal is forgotten about.  Why?  Well, except for a lack of good working procedures in an organization, a certificate normally has a duration of 3 years, while the average tenure of an IT professional in an organization is 2 years, it often gets overlooked.

So, what happens when a certificate expires?  Whilst it can cause an operational outage for some services which are dependent on encryption and mutual authentication, the most common scenario is accessing a website, it is identified as not secure and blocked with a warning message.  This will result in reduced user trust, loss of productivity and loss of revenue.   Letting a certificate lapse can impact every organization, even big names such as LinkedInPokemon GoThe White House and the UK Conservative Party have all had this happen to them and deal with some public embarrassment.

Certificates are not just for websites but also many critical applications and services (e.g. user login, email services and VPN connection).  Expiration of such services can cripple an organization with loss of productivity.   A common scenario is for email to stop working due to a lapse in a certificate.

There is a serious security risk around an expired certificate and it is not just a nuisance.  It creates a weakness for hackers to take advantage of.  Another common scenario is when we encounter a blocked website, we normally just continue to view the website, accepting the risk.  However, now both the user and the organization are vulnerable and at risk.

Certificate expiration is an Endpoint Configuration Security (ECS) feature supported by Gytpol Validator.   We continuously monitor all certificates in all organization assets and will provide the visibility to the IT Admin and SecOps as to their status.   In addition, we automatically alert before the certificates expire in the Gytpol dashboard as well as to the SIEM.

View more blogs >>

Most Popular

Get in touch with us