Skip to main content
banner image
venafi logo

GoDaddy Will Revoke Buggy SSL Certificates Tonight. Are You Ready?

GoDaddy Will Revoke Buggy SSL Certificates Tonight. Are You Ready?

GoDaddy Fixes SSL Bug
January 11, 2017 | Scott Carter

Today GoDaddy announced an SSL bug in its certificate validation process. To remedy the problem, the certificate authority will revoke and reissue the faulty certificates. But if an impacted organization is not prepared to act quickly to reinstall and revalidate these new certificates, visitors to their websites may be exposed to error messages or browser warnings. And if they are attempting to replace certificates manually, it could consume valuable staff hours that many organizations cannot spare. 

In a blog post, GoDaddy outlined the certificate impact as follows:

“On Friday, Jan. 6, we learned about a bug that impacted our SSL certification validation process. The bug was introduced on July 29, 2016, and impacted less than 2 percent of the certificates issued from July 29, 2016, to Jan. 10, 2017. It affected approximately 6,100 customers. The software bug that created the issue has been remedied. We continue to closely monitor the system. We will revoke these certificates at 9 p.m. (PST) Jan. 10, 2017. We are actively working with our customers to reissue their SSL certificates.”

GoDaddy’s proactive stance is admirable. But this incident still raises questions about how completely you can trust your CA. Venafi VP of security strategy, Kevin Bocek clarifies the challenge, “As the use of cloud, mobile, and IoT devices drives an explosion in demand for digital certificates businesses need to be prepared to respond to an increase in errors and security compromises from certificate authorities.”

Since human error is inevitable given the vast numbers of certificates that we now require, how quickly are you prepared to react when the SSL flaws do surface? Tim Bedard, director of digital trust analytics for Venafi warns that organizations often don’t have the visibility they need to solve problems like this. As a result, they cannot respond in a timely fashion.

According to Bedard, “Quite often, organizations can’t revoke and replace faulty certificates quickly. In fact, most organizations replace certificates manually, one at a time – a process that is insecure, lengthy and resource intensive. Security issues like this negatively impact any business with an online presence, and the weaker their cryptographic risk posture is, the greater the negative impact.”

The better you are equipped to manage and control your own certificates, the less you will have to rely on the infallibility of any certificates authority. Bocek sums it up the importance of active certificate management, “This is a clearly a wakeup call for businesses. Trust in digital certificates enables the global economy and impacts every Internet user, business, and government, but businesses rely on manual methods to manage them. To protect your business, you must know the location of every certificates in use and be able to replace any of them instantly.”

Does your organization have what it takes to quickly replace vulnerable certificates? 

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Prepare this presentation and send it to me, once approved you can teach entire team.

Overheard at Machine Identity Protection Global Summit 2019

machine identity protection

Leaders Underscore the Critical Nature of Machine Identity Protection at Inaugural Global Summit

About the author

Scott Carter
Scott Carter

Scott Carter writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat