Skip to main content
banner image
venafi logo

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years
May 22, 2019 | Scott Carter

On May 21, LinkedIn users accessing the site from their desktop or laptop computers began to get alerts that warned them that their connection was not secure. It soon became apparent that LinkedIn had forgotten to renew the TLS certificate for its URL shortener, lnkd.in.
 


 

Roughly two years ago, the company experienced the same type of certificate-related event when an expired certificate rendered us.linkedin.com, uk.linkedin.com, ca.linkedin.com and several related websites inaccessible to users for a couple of hours. Yet again, LinkedIn responded quickly with a new certificate. But questions remain about the company’s overall treatment of machine identities. According to SecurityWeek “LinkedIn has once again put user data and privacy at risk by allowing a TLS certificate to expire.”

Are you more likely to face a certificate-related outage than the CIOs we surveyed? See The Report.
 

Kevin Bocek, chief cybersecurity strategist at Venafi, comments, “The plague of no visibility, intelligence and automation for machine identities—TLS keys and certificates—has hit another high-profile company. LinkedIn became untrusted on Tuesday when its TLS digital certificate expired.”
 

Downtime or security alerts are bad enough, but this type of certificate mishap could be a symptom of an even larger security issue. In the U.S. Government Accountability Office report on the Equifax breach, we learned that an expired certificate allowed attackers to bypass a security device that was tasked to inspect network traffic for suspicious packets. Even worse, the problem was not detected for a matter of months.
 

While in this instance, the expired certificate only triggered security warnings, expired certificates may also trigger more extensive consequences, such as certificate-related outages. Venafi Security Architect, Bill Madell, asks why we still have application outages caused by expired certificates.
 

“Let's face it, there’s one machine identity challenge that continues to plague large enterprises—certificate-related outages. They consume an inordinate amount of time and resources to fix, and to make matters worse, they are actually quite difficult to diagnose. When an application goes down, your IT and security response teams may follow several false avenues of investigation before identifying an expired certificate as the culprit. All this adds up to a huge drain on availability, not to mention productivity.”
 

Unfortunately, expired TLS certificates impact organizations across all regions, industries and sizes. According to a recent Venafi study of CIOs from the U.S., U.K., France, Germany and Australia, 60% experienced certificate-related outages that impacted critical business applications or services within the last year.
 

Why do outages like this continue to occur? Large organizations find on average over 50,000 previously unknown machine identities. This problem is becoming even more critical as organizations the volume and rate of change connected with machine identities increases. “The lack of comprehensive visibility and intelligence routinely leads to certificate-related outages. This is not a unique occurrence,” notes Bocek. “Ultimately, companies must get control of all of their certificates; otherwise, it’s only a matter of time until one expires unexpectedly and causes a debilitating outage."
 

To avoid the aftermath of an expired certificate, Bocek recommends that, “Businesses of all sizes, need real-time visibility, intelligence, and automation about where TLS keys and certificates that serve as machine identities are installed in order to eliminate these kinds of outages.”
 

How certain are you that your organization won’t experience an embarrassing, and potentially risky, certificate outage?
 

Learn more about machine identity protection. Explore now.

 

Related posts

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

encryption backdoor

Overheard in the Press: Encryption Backdoor Debate

 junger Geschäftsmann mit der Brille, die, stehend gegen eine weiße Backsteinmauer verwirrt schaut

Sechs Dinge, die Sie über Ihre Zertifikate wahrscheinlich nicht wissen (aber wissen sollten)

business man looking for answers  - digital certificates

6 Things You Probably Don’t Know about Your Certificates [And Why They Matter]

About the author

Scott Carter
Scott Carter

Scott is Senior Manager for Content Marketing at Venafi. With over 20 years in cybersecurity marketing, his expertise leads him to help large organizations understand the risk to machine identities and why they should protect them

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat