
REVOCATION OF CERTIFICATES STRIPS TRUST FROM LEGITIMATE SITES

While surfing websites in modern web browsers like Chrome, Safari or Edge, you have certainly noticed a lock sign in the URL bar at the top. This lock sign shapes your impression of whether a site is legitimate or a phishing website. When a website shows you the warning “Your connection to this site is not private”, chances are that it no longer exists in your good books.

But what if a valid site gets tagged as an insecure connection? That is what happened to around 2000 websites on the internet, as observed by researchers from Netcraft.

On 11 July, DigiCert (a certificate-issuing authority) revoked around 50,000 Extended Validation certificates issued by Certification Authorities that did not appear in audit reports or that presented a discrepancy. The affected CAs are:

  • DigiCert Global CA G2 
  • GeoTrust TLS RSA CA G1 
  • Thawte TLS RSA CA G1 
  • Secure Site CA 
  • NCC Group Secure Server CA G2 
  • TERENA SSL High Assurance CA 3

Because of the deadline set by DigiCert, many websites failed to replace their certificates in time, and modern browsers therefore flag these sites as insecure connections.
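
For an administrator working against such a deadline, the first question is which deployed certificates are Extended Validation certificates issued by one of the CAs listed above. The Python sketch below is an added example, not code from DigiCert or Netcraft: it reads certificates in the layout returned by Python's `ssl.SSLSocket.getpeercert()`, the host names and sample data are constructed, and treating `businessCategory` in the subject as the EV marker is an assumption.

```python
import socket
import ssl

# Issuing CA names exactly as listed in the article above.
AFFECTED = {n.casefold() for n in (
    "DigiCert Global CA G2", "GeoTrust TLS RSA CA G1", "Thawte TLS RSA CA G1",
    "Secure Site CA", "NCC Group Secure Server CA G2",
    "TERENA SSL High Assurance CA 3")}

def name_field(cert, part, field):
    """Read one attribute from the 'issuer' or 'subject' of a getpeercert()
    dict: each is a tuple of RDNs, and each RDN a tuple of (name, value)."""
    for rdn in cert.get(part, ()):
        for name, value in rdn:
            if name == field:
                return value
    return None

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live server's leaf certificate. The default context checks the
    chain and hostname but not revocation, so a revoked cert still connects."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def needs_review(cert):
    """True for an EV-looking certificate issued by a listed CA.
    Assumption: 'businessCategory' in the subject marks the cert as EV."""
    issuer = name_field(cert, "issuer", "commonName") or ""
    looks_ev = name_field(cert, "subject", "businessCategory") is not None
    return looks_ev and " ".join(issuer.split()).casefold() in AFFECTED

def audit(inventory):
    """Return the sorted host names whose certificates need review."""
    return sorted(h for h, c in inventory.items() if needs_review(c))

# Constructed sample inventory in getpeercert() layout (not real sites).
SAMPLE = {
    "bank.example": {
        "subject": ((("businessCategory", "Private Organization"),),),
        "issuer": ((("commonName", "GeoTrust TLS RSA CA G1"),),)},
    "shop.example": {  # listed issuer, but no EV marker in the subject
        "subject": ((("commonName", "shop.example"),),),
        "issuer": ((("commonName", "Secure Site CA"),),)},
    "blog.example": {  # EV marker, but the issuer is not on the list
        "subject": ((("businessCategory", "Private Organization"),),),
        "issuer": ((("commonName", "Example Issuing CA"),),)},
}
```

Calling `audit(SAMPLE)` flags only `bank.example`; for a live inventory, build the dictionary with `fetch_cert(host)` for each of your own hosts.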

HOW DOES AN SSL CERTIFICATE ENSURE CREDIBILITY?

This is where the SSL (Secure Sockets Layer) certificate comes in. The SSL certificate ensures that the website is trusted by establishing an encrypted connection between the client and the server. Let us understand what that trust means!

If you read the article on our website on how to digitally verify your documents, you will remember the term Certificate Authority (CA). CAs are authorities that are trusted globally by vendors. If a user wants a document to reach the end user without any tampering, or wants to assure the end user of the document's integrity, he/she digitally signs the document, but the reader will still not validate it unless the identity in the signing certificate is present in its list of trusted identities. To make the signature valid, the user needs a certificate signed by one of these CAs, so that the identity certificate is verified by the reader on the end system. Similarly, to ensure the integrity of a website, its SSL certificate needs to be signed by a Certification Authority such as DigiCert, Let’s Encrypt, etc.

A certificate digitally signed by one of these authorities earns your site the secure-connection tag for the end user. You can also create an SSL certificate yourself with open-source software like OpenSSL, but modern browsers do not recognize such a certificate as valid, because a browser only trusts certificates from CAs or their accredited authorities.

HOW ARE SITES AFFECTED?

The revocation of Extended Validation certificates by DigiCert affected around 2000 sites. There are 3 types of validation:

  • Domain Validation
  • Organization Validation
  • Extended Validation

Of the methods mentioned above, Extended Validation, as the name suggests, means more validation than normal and requires even more documents and proofs. Legitimate websites use it so that there are no chances of phishing.

Almost daily we hear about phishing cases in which a domain name is registered that is almost identical to that of a government or other legitimate domain, which ultimately results in the theft of users’ private data. Extended Validation tries to overcome this problem to an extent: if a user gets an alert and checks the details of the SSL certificate in the browser, there is almost no chance of being caught by hackers in a phishing campaign, unless they attack in another way.

So, as mentioned, some websites raised a red alarm for using revoked certificates, including reputed websites such as:

  • State Bank of India
  • RackSpace
  • Authorize.net
  • ANZ Bank
  • Telegram
  • Wirecard

[Screenshots, as observed by researchers from Netcraft, of these sites being displayed as insecure connections by modern browsers.]

CONCLUSION

Many websites have already replaced their revoked certificates. In today’s world, privacy is what we need most. These certificates assure a user that there is no middle man between the end server and the user. It is important that web admins and Certification Authorities understand the importance of revoked certificates and improve their methodologies and procedures accordingly.