
Certificate Outage: British Conservative Party Learns a Tough Lesson about Controlling Encryption

January 16, 2018 | David Bisson

The United Kingdom's Conservative Party recently forgot to renew the security certificate for its website. It’s ironic that government officials who are pushing for backdoors into encryption don’t seem to be able to manage it all that well themselves. In their defence, it’s no easy matter to control encryption without the proper tools. That’s one of the reasons why their site is not the first to be impacted by certificate outages. And it’s not likely to be the last. Others weathered the same embarrassment in the past year alone, a frequency which will hopefully spur others to rethink how they're managing their certificates.

On 8 January 2018, visitors to encountered something they weren't expecting: an alert message. The warning told them their intended destination might be suffering from security issues. As preserved by The Register:

Your connection is not private. Attackers might be trying to steal your information from (for example, passwords, messages or credit cards).

It didn't take long for users to figure out what had happened. Amidst the fervor of British Prime Minister Theresa May's Cabinet reshuffle and pending appointment of a Brexit minister, someone at the Conservative Party had forgotten to renew the SSL certificate for the website. Hence the warning from web browsers that someone could potentially be impersonating in an attempt to steal visitors' information.

The Internet had a lot of fun with this discovery…at the Conservative Party's expense, not surprisingly. Here are some of the best tweets from users responding to the certificate outage: 




As of this writing, the site is back online after someone renewed the certificate for

The Conservative Party might feel embarrassed after suffering the certificate outage. It shouldn't be too hard on itself, however; its experience isn't particularly extraordinary. On the contrary, many organizations suffered outages of their own in 2017.

Here are a couple that stand out:

  1. LinkedIn

    On 30 November 2017, LinkedIn suffered a global outage due to an expired SSL certificate. The outage rendered,,, and several related websites inaccessible to users for about an hour. Each of the affected services displayed a 'CERT_DATE_INVALID' warning.

    Those on Twitter were quick to point out the damages a certificate outage can cause to an organization, even one as big as LinkedIn. Information security and management professional Aleksandar Valjarevic put it this way:


    LinkedIn restored service to the affected websites by 11:30 EST.

  2. HelloSign

    HelloSign is one of the world's leading free eSignature platforms. It allows users to send and receive electronic signatures securely. They can do so with either its end-user solution or its eSignature API.

    For a brief period on 6 June 2017, users weren't able to access HelloSign's services. An expired SSL certificate on its application rendered browsers and API integrations inoperable at 11:27 PDT. Tradition and procedure adjustments related to compliance had something to do with the outage. So too did HelloSign's decision to separate its website ( from its app ( a few months previously.

    As the company explains in a statement released at the time:

    When checking for expiration dates, we checked 'www' since our browsers told us when the expiration date is. Earlier this year, we moved the web-application to and off of, and moved 'www' to a new certificate.

    The outage lasted all of 26 minutes. Still, that didn't prevent some from commenting on the incident. One Twitter user didn't mince their words:


The Need for Better Certificate Management

The incidents involving the Conservative Party, LinkedIn and HelloSign highlight the need for organizations to better manage their certificates. Given the number of certificates deployed in today's increasingly complex IT environments, however, many organizations must look beyond manual processes. Instead they must look to an automated solution that helps them discover all their certificates and then monitors those encryption assets for vulnerabilities and signs of misuse.
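The HelloSign gap described above, where only 'www' was checked after the application had moved to its own hostname and certificate, comes from checking one name instead of an inventory. The following is an added example, not code from this article or from Venafi: it audits every hostname in a list, and the `.test` hostnames, dates and `sample_lookup` are constructed, with `fetch_cert` as the live lookup to pass in their place.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(host, port=443, timeout=5):
    """Live lookup: certificate presented for `host` (raises if validation fails)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(hosts, lookup, now, warn_days=30):
    """Check every hostname in `hosts`; return {host: (status, days_left)}."""
    report = {}
    for host in hosts:
        try:
            cert = lookup(host)
        except ssl.SSLCertVerificationError:
            # An expired or otherwise invalid certificate fails the handshake.
            report[host] = ("INVALID", None)
            continue
        except OSError:
            report[host] = ("UNREACHABLE", None)
            continue
        expires = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
        days_left = (expires - now).days
        if expires <= now:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "EXPIRING"
        else:
            status = "OK"
        report[host] = (status, days_left)
    return report

# Constructed sample data in the shape returned by SSLSocket.getpeercert().
SAMPLE_CERTS = {
    "www.example.test": {"notAfter": "Mar  1 12:00:00 2019 GMT"},
    "app.example.test": {"notAfter": "Jan 20 12:00:00 2018 GMT"},
}
NOW = datetime(2018, 1, 16, 12, 0, 0, tzinfo=timezone.utc)

def sample_lookup(host):  # offline stand-in for fetch_cert
    if host not in SAMPLE_CERTS:
        raise OSError(f"cannot connect to {host}")
    return SAMPLE_CERTS[host]

if __name__ == "__main__":
    print(audit(list(SAMPLE_CERTS) + ["api.example.test"], sample_lookup, NOW))
```

A check limited to `www.example.test` would report a healthy certificate here, while the separate `app` certificate is four days from expiry.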

The Venafi Platform can help organizations gain this level of visibility over their certificates. You can learn more about this solution here.

About the author

David Bisson

David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.
