The dangers of SSL certificates
surfingcomplexity.blog
Yesterday, the Bazel team at Google did not have a very Merry Boxing Day. An SSL certificate expired for and as shown in this screenshot from the github issue. This expired certificate apparently b…
  • Not a newt@piefed.caEnglish
    4·
    2 hours ago

    There’s no natural signal back to the operators that the SSL certificate is getting close to expiry.

    Not sure what the author considers a natural signal, but it’s definitely possible to monitor time to expiry, for example with the Prometheus blackbox exporter.

    Furthermore, I have issues with calling SSL Certificates dangerous. The author cites a lack of graceful degradation (and suggests that site errors should increase as certs get closer to expiry???) and the fact that they cannot be staged because time is the variance… However, staging certs is possible. One does not need to wait until the previous cert expires before issuing a new one. In fact, the new cert doesn’t even need to be signed by the same CA. So it’s possible to generate a new cert, test it, and then have it go live. In fact, ACME does do this to a limited degree, and the article does mention that the automated cert renewal process failed and that such failure was not noticed due to missed monitoring signals. So the title should have been “Insufficient monitoring is dangerous.”

    Lastly to be pedantic: s/SSL/TLS/