Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Security IT

GlobalSign Error Causes Widespread Internet Issues (theregister.co.uk) 39

An anonymous reader writes: GlobalSign, one of the root CAs globally, has 'inadvertently revoked its intermediary certificates while updating a special cross-certificate. This smashed the chain of trust and ultimately nullified sites' SSL/TLS certificates. It could take days to fix, leaving folks unable to easily read their favorite webpages.' The issue may take up to four days to resolve itself.Two hours ago, GlobalSign said it was able to identify the problem, but due to caching issues, many of its customers were still experiencing issues.
This discussion has been archived. No new comments can be posted.

GlobalSign Error Causes Widespread Internet Issues

Comments Filter:
  • Was getting this error last night. Crapdot, yesterday's news tomorrow!

  • by Anonymous Coward
    Just the NSA inserting themselves into another certificate system. Carry on.
  • Their email to us (Score:3, Informative)

    by Anonymous Coward on Thursday October 13, 2016 @03:39PM (#53071501)

    This is what I got in my inbox at 11:56 PST

    Dear Valued GlobalSign Customer,

    In follow up to our earlier email communication describing the issue you are experiencing with your GlobalSign certificates, our engineering and support staff have put together a troubleshooting guide that will help you resolve the certificate revocation error. We will continue to update this troubleshooting guide as new updates are added.

    OCSP Revocation errors - troubleshooting guide: https://support.globalsign.com/customer/portal/articles/2599710-ocsp-revocation-errors---troubleshooting-guide

    If you continue to have issues, we welcome you to open a support ticket here: https://support.globalsign.com/customer/portal/emails/new

    Thank you as we continue to work to resolve this issue. We will communicate additional updates with you.

    Lila Kee
    Chief Product Officer
    GMO GlobalSign

    US +1 603-570-7060 | UK +44 1622 766 766 | EU +32 16 89 1900
    www.globalsign.com/en

  • This happened to me when trying to read the previous article on theguardian. With Chrome I didn't see an easy way to get around it. I am sure there is a way in the settings, but who bothers with trying to figure that out.
  • It turns out that when you're facing east, north is actually on your right. Why did it take so long for people to discover such a fundamental global sign error?

  • Facebook once forgot to renew some certificate on one of its user tracking systems. For about half a day I could not go anywhere on the internet with the exception of a few really ancient pages written in archaic HTML without getting at least three nag-windows complaining about an expired Facebook SSL certificate.
  • "unable to easily read their favorite webpages"
    Oh, that's allright then.

    I pity the sysadmins working overtime tonight.

  • by Anonymous Coward
    On the positive side, at least this shows that some CRL and OCSP servers are actually responding and that browsers are using them. That's good news. Oftentimes those damn servers don't respond.
  • but due to caching issues, many of its customers were still experiencing issues.

    Caching can be a PITA. Our org's default PDF viewer caches pages, and we constantly get complaints about users seeing outdated info. It doesn't respect the usual conventions of "no-cache" meta tags and even F5. Adding a random URL parameter sometimes works, sometimes not.

    Isn't caching also a security risk? If you discover bad content, such as malicious embedded JavaScript, you'd want it replaced immediate with the good version

  • For the last week I've been getting NAG popups on Slashdot relating to improperly named and/or dated cert's from ADS served up. The related name is optim something or other and was generally date related. I finally turned on AD blocking to stop the recursive, very intrusive pop-ups. If this continues I'll just leave the AD blocker up and to hell with supporting /. The quality of ads has taken a severe downturn here and the continued auto play ads are really beginning to annoy. As much better as the place wa

  • Sad... (Score:4, Funny)

    by Stormy Dragon ( 800799 ) on Thursday October 13, 2016 @06:11PM (#53072625) Homepage

    To discover the headline was "(Global Sign) Error..." and not "Global (Sign Error)..."

  • Globalsign being an American company, do they owe anyone money?

Just about every computer on the market today runs Unix, except the Mac (and nobody cares about it). -- Bill Joy 6/21/85

Working...