When the Belgian State Security Service website was left unprotected for several hours last December because a certificate was not renewed on time, it was an embarrassing reminder of the importance of keeping digital certificates up to date.
Many websites use HTTPS, which provides a secure connection. This security depends on a digital certificate that guarantees the authenticity of the website. This shows visitors that they can trust your website and enter their data securely. If one of these SSL certificates is not renewed on time, it can have a number of negative consequences, both for the website owner and visitors to the website.
Possible consequences for the website owner
- Loss of trust because your site is flagged by browsers as unsafe.
- If you have set up your website to use HTTP Strict Transport Security (HSTS), clicking through when the warning pops up is not an option. HSTS enforces secure connections and if the certificate is not valid, the browser cannot connect and your website is consequently inaccessible.
Possible consequences for website users
- A warning message is displayed when visiting the website.
- The website is not available.
- Your personal information may be intercepted by third parties which may result in fraud or identity theft.
How can you, as the owner of digital certificates, protect yourself against this?
Make sure you receive a notification when your certificates are due to expire. Belnet DCS users can easily set up a notification in the Sectigo Certificate Manager for SSL and client certificates that are due to expire within 30 days.