A real-world view: How expired certificates can cause service downtime and financial losses

Website downtime can have severe financial implications for businesses and organizations. According to recent studies, the average cost of a single minute of downtime is estimated to range from $5,600 to $9,000. 

One of the key reasons for website downtime is certificate expiry. In the 2023 State of Machine Identity Report, 77% of respondents said their organization suffered at least two significant certificate-related outages within the past 24 months.

To shine a light on the importance of proactively monitoring your company’s Certificate Inventory to avoid costly downtime, we’ve compiled a list of high-profile companies whose oversights unfortunately led to big losses.

1. Expired Certificates: A Cascade of Problems

a) Shopify: An expired root certificate made its way into a staging environment, risking a production deployment. Fortunately, a deployment freeze prevented it from reaching the live environment.

b) Microsoft: The expiration of the WinGet CDN’s SSL/TLS certificate impacted package installations and upgrades, affecting users’ experience and productivity.

c) Microsoft and Spotify: An expired certificate disrupted the Windows 11 Clock app’s Spotify integration, rendering it non-functional.

d) Starlink: Over several hours, Starlink experienced downtime due to an expired certificate, affecting its satellite internet services.

2. Widespread Impact

a) Windows Insider: The expiration of a certificate resulted in the temporary unavailability of the Windows Insider program, disrupting the testing and feedback loop.

b) Spotify: An expired certificate caused a service outage on Megaphone, Spotify’s podcast platform, hindering content distribution and listener engagement.

c) LinkedIn: The expiry of a country subdomain SSL certificate impacted the accessibility and security of LinkedIn services.

3. Government Systems and Critical Infrastructure

a) US Government: 80 certificates expired, leading to many US government websites being inaccessible.

How Red Sift can help

With the right solution, certificate expiry is one of the simplest problems to fix. Proactive monitoring can help organizations identify expiring certificates ahead of time, allowing them to renew or replace them before they cause disruptions. By avoiding website downtime, businesses can mitigate the financial costs associated with outages and ensure uninterrupted services for their users. Establishing robust certificate management practices is an essential part of maintaining a secure and reliable online presence in today’s digital world.

Red Sift’s Hardenize monitors your certificates and notifies you if they’re about to expire, proactively avoiding downtime. Crucially, we also monitor the certificates of third-party services your sites rely on, helping you avoid problems via dependencies and services you don’t control directly. Finally, via Certificate Transparency, we observe all the world’s certificates as they are issued in real-time. We automate analysis of these discoveries so that you can ignore those that are known and compliant, but focus your attention on misissued certificates.

To learn more about certificate expiry issues that could lead to expensive downtime, watch our recent webinar “Stop downtime caused by expiring certificates“.

PUBLISHED BY

Billy McDiarmid

6 Jul. 2023

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Cybersecurity

Your guide to the SubdoMailing campaign

Billy McDiarmid

A significant number of well-known organizations have been attacked as part of what’s being called the SubdoMailing (Subdo) campaign that has been going on since at least 2022, research by Guardio Labs has revealed.   The scale of execution of this attack is staggering, and the impact is hugely damaging, but the goal is simple…

Read more
Certificates

A confident deployment guide for TLS and PKI

Ivan Ristic

Our journey to better network transport security has been quite the ride, filled with ups and downs. Back in the ’90s, when SSL and the Netscape browser were just taking off, things were pretty hard. We were dealing with weak encryption, export restrictions on cryptography, and computers that couldn’t keep up. But over the…

Read more
DMARC

Red Sift OnDMARC: The best Agari alternative for DMARC

Francesca Runger-Field

Looking for an alternative to Agari DMARC Protection that helps you safely and efficiently stop unauthorized use of your email-sending domains? You’re in the right place.  Here is your definitive comparison guide for Agari and Red Sift OnDMARC – one of the most popular Agari alternatives on the market.  Red Sift OnDMARC overview Red…

Read more
DMARC

Red Sift OnDMARC: The best Valimail alternative for DMARC

Francesca Runger-Field

Looking for an alternative to Valimail that helps you safely and efficiently stop unauthorized use of your email-sending domains? You’re in the right place.  Here is your definitive comparison guide for Valimail and Red Sift OnDMARC – one of the most popular Valimai alternatives on the market.  Red Sift OnDMARC overview Red Sift OnDMARC…

Read more