Microsoft has failed to renew the certificate for one of its rather important web pages, causing the site to break and to redirect people elsewhere.
Spotted by The Register (opens in new tab), the certificate for the Windows Insider software testing program expired on Thursday, June 9, in the afternoon hours.
Those who tried to visit the site during that time were met with the usual “Your connection is not private” message, and users of Chrome, Firefox, or Safari, were advised by their browsers (opens in new tab) not to proceed.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.
Those who did, were redirected to the main Windows page with 302 and 307 redirect responses, the publication claims, hinting the company was already aware of the issue, at the time.
Since then, the certificate has been renewed and the site back up and running again.
Every now and then, certificates expire and don’t get renewed on time, breaking a few things in the process. In October 2021, one of the biggest non-profit Certificate Authorities (CA) services experienced high levels of renewals from websites (opens in new tab) and apps, resulting in some big name sites experiencing significant outages.
Due to its cross-signed DST Root CA X3 expiring, Let’s Encrypt's issue, which is run by the Internet Security Research Group, left websites and apps such as Shopify and Slack experiencing outages. At the time, Let’s Encrypt took to Twitter to advise the affected customers to consult the community forum, offering no promise of resolving the issue quickly.
> Top websites see outages as Let's Encrypt's CA certificate expires (opens in new tab)
> GitHub home page down after apparent SSL fail (opens in new tab)
> Russia creates its own TLS certificate authority to bypass sanctions (opens in new tab)
A month later, an expired certificate affected Windows 11 21H2 and prevented Windows users from opening certain apps.
Back in 2020, an expired authentication certificate made Microsoft Teams inaccessible for a while.
While expired certifications are a nuisance, they can be even worse if they affect root certificates and bork services, the publication explains. Such was the case with Sectigo’s AddTrust legacy root certificate (opens in new tab) which, when it expired two years ago, affected thousands of customers.