Why it’s important to monitor your SSL (Secure Sockets Layer) and TLS certificates

The Transport Layer Security (TLS) protocol, the updated, more secure version of SSL (Secure Sockets Layer) is designed to add security to web traffic. It wraps the traffic in a layer of encryption, which protects it against being read and modified by an eavesdropper.

TLS works on the principles of public key cryptography, which uses a pair of public and private keys to securely generate a shared secret key between a website and a visitor. This shared secret key is then used to encrypt all communications between the client and the server.

A TLS certificate provides a user with the public key associated with a particular site and verifies its authenticity. Without the TLS certificate, it is impossible to prove that a certain public key actually belongs to a particular website. An attacker could provide a client with their own public key instead, enabling them to masquerade as the site owner.

  • Published: 18-11-2021

  • Related Category: Network Security

  • Type of Content: Articles

  • Owner: TrustedSite

TLS certificates can be used for other purposes as well. The public keys they contain are also useful for verifying digital signatures created with the corresponding public key. These digital signatures can be used to validate software authenticity or provide integrity verification on other types of data.

In summary, TLS certificates provide businesses, and their customers, with multiple benefits including:

Authentication: The TLS certificate verifies that a particular public key belongs to a website. This ensures that if the server uses the corresponding private key throughout the process, the website has not been replaced by a phishing site.

Confidentiality: The public key in TLS certificates is used to securely create a shared secret key between the client and server. This key is used to encrypt data to protect it against eavesdropping.

Integrity: Public key cryptography can also be used for digital signatures. These prove that the signed data has not been modified since the certificate was generated.

However, all of these benefits are lost if a TLS certificate is allowed to expire.

What are the risks of expired TLS certificates?

TLS certificates are only valid for a certain amount of time. This is intended to minimize the impact of compromised certificates by ensuring that they expire after a certain period. The lifetime of a TLS certificate can vary based on the provider and service offering, but a website owner can renew them once the certificate has expired.

However, certificate expiration means that a website owner needs to periodically take action to renew their certificates. Failure to do so can harm an organization in a number of different ways.

Lack of Data Encryption

Valid certificates are a vital component of the TLS protocol. The public keys that they contain are used to generate a shared secret key between the website and its visitors. Without it, this key generation cannot occur.

If TLS certificates are expired, then web browsers will display a warning to users that a site is insecure. If a user wants to visit the site, they need to state that they accept the risk in order to continue to the site. A user needs to know how to click through the prompts to do so and may be scared away by the warnings displayed by their browser. This failure to renew certificates can cause customers to lose trust in the site and may turn away visitors, causing a loss of sales as well.

Site Outages

TLS certificates are vital to HTTPS connections, the secure option for accessing a website. While some sites may be accessible via HTTP or HTTPS, others require secure connectivity.

For example, sites collecting payment card information need the encryption provided by HTTPS to be compliant with the Payment Card Industry Data Security Standard (PCI DSS). Without a valid TLS certificate, these sites are completely unusable.

Expired TLS certificates causing full site outages or loss of some functionality is not uncommon. In April 2021, American Express users were notified that their payment www.trustedsite.com cards were being removed from Google Pay despite the fact that these cards were still valid and unexpired. After some investigation, the cause was discovered to be an expired certificate that broke communications between the servers of Google and American Express. Without this certificate, these users’ cards were repeatedly removed from Google Pay.

Another example of the impact of expired certificates is an underreporting of COVID19 cases in California in 2020. An expired certificate on the CalREDIE site made it impossible for testing labs to upload the results of COVID-19 tests. As a result, between 250,000 and 300,000 test results were delayed, causing the state to underreport its number of positive COVID-19 tests.

Man-in-the-Middle Attacks

The main purpose of TLS is to protect users against eavesdroppers. Without the encryption, authentication, and integrity protections provided by TLS, an attacker can perform a man-in-the-middle (MitM) attack.

In a MitM attack, an attacker intercepts communications between two parties, allowing them to decrypt, read, and potentially modify all traffic flowing between the client and the server. An expired certificate makes this possible because it increases the probability that a user will accept a spoofed certificate or switch to an insecure HTTP site.

Failed Code Checks

Many platforms, such as the iPhone, use digital signatures to verify the authenticity and integrity of a program before running it. These digital signatures rely on certificates to provide the public key used in validation. If this certificate expires, then validation will fail.

An example of the impact of expired certificates on code checks is an outage of Pulse Secure VPNs in April 2021. The issue was caused by a failure to renew a code signing certificate for the software, causing it to be rejected as invalid. With the surge in remote work caused by the COVID-19 pandemic, this inability to securely access corporate resources hurt many companies’ employee productivity during the outage.

Loss of Security Visibility

TLS is now used to protect the majority of Internet connections with both positive and negative consequences. On the plus side, the use of TLS protects legitimate users from eavesdroppers, protecting users’ privacy and data security. However, TLS can also be used to conceal malware’s command and control traffic or data exfiltration.

>> Download Article to continue reading.

Related Articles: