On November 30th, LinkedIn experienced a global outage. For roughly a couple hours us.linkedin.com, uk.linkedin.com, ca.linkedin.com and several related websites were inaccessible to users.
Service was eventually restored. But, who was the culprit behind this outage? Turns out it was an expired SSL certificate. This is not a new issue in the industry. It’s happened to many large organizations over the years. So, we should all have learned that lesson, right? That’s why it’s puzzling that these types of outages still plague the likes of LinkedIn.
You may have fired up LinkedIn last month, only to be greeted with a 'CERT_DATE_INVALID’ warning,” said Kevin Bocek, chief cybersecurity strategist at Venafi. “You weren’t alone. LinkedIn's website was down across most of its main regions. High-profile websites crash almost every week, but what's really jarring about LinkedIn's stumble is that it was entirely preventable.”
Unfortunately, expired SSL certificates impact organizations across all regions, industries and sizes. According to a recent Venafi study, 79% of organizations have suffered from at least one certificate related outage in the past year.
Sadly, this means the incident at LinkedIn was not an isolated occurrence.
"This all comes down to certificate-related issues,” continued Bocek. “Certificates provide every machine - whether it's a website, application or device, with an online identity. Without them, machines can't trust each other when they communicate. So, when LinkedIn's certificate expired, every major browser simply stopped trusting it. For a global social network with millions of members, it won't be catastrophic. But what if the same thing happened to, say, a large retailer on Black Friday?"
So how can organizations protect themselves from outages caused by expired certificates? For many, the answer is automation.
"To stay in control, organizations should automate the discovery, management and replacement of every single certificate on its network - or LinkedIn won't be the last high-profile snafu,” concluded Bocek. “Outages like this show that it only takes one expired certificate to cause problems.”