Users recently took to Twitter to notify several organizations of expired SSL certificates preventing them from visiting their websites.
Jonathan Katz (@katzmandu) was among the first of these users. On 29 March, he reached out to Bitly and eBay on Twitter about the ebay.to link redirect. He noticed that the SSL certificate used for ebay.to had expired, and he wanted to know who was responsible for maintaining it.
Who runs the https://t.co/PFRhh0lrOf link redirect? Their SSL cert expired. @Bitly ?? @eBay_UK @eBay ??
— Jonathan Katz (@katzmandu) March 31, 2019
Katz wasn’t the only user who raised a complaint about a certificate outage that day. Just a few hours after his post, a user contacted an email and SMS service provider about an expired SSL certificate. Sometime later, two other individuals disclosed separate outages affecting a major telecommunications company in Peru and a well-known skateboard magazine.
The reports didn’t end there. Just two days later, users identified certificate outages affecting the websites for a software developer, a product expert, a French premium television channel, a WordPress backup plugin, a community engagement tool, an Australian domain name registrar and even Argentina’s tax administration. The day after that, additional user-submitted complaints came in for a movie/content distribution platform and a UK cryptocurrency exchange.
All of these recent tweets reveal how customers aren’t willing to let certificate outages slide. In fact, they’re more than willing to reveal on social media how expired certificates prevented them from accessing a company’s services. Such comments, in turn, reflect poorly on a company’s customer experience.
This revelation isn’t surprising. In a recent survey with 550 CIOs, Venafi discovered that half of respondents were concerned about certificate outages affecting customer experience. Unfortunately, this study also found that 85 percent of CIOs believe that the increasing complexity and interdependence of IT systems will make outages more painful in the future.
Acknowledging this forecast, organizations can’t sit idly by and wait to hear about an SSL outage affecting their services on social media. They need to take a proactive approach to ensuring their SSL certificates remain up-to-date. This can be challenging for some organizations, especially when the management of encryption assets has been decentralized in the past. In response, organizations should consider investing in a solution that can help them centrally manage their certificates. Such a tool should come with the ability to streamline the certificate renewal process to avoid certificate outages.