Monday, November 23, 07:20
Home security SSL certificates that expire cause problems on devices!

SSL certificates that expire cause problems on devices!

On May 30, its channels streaming service Roku stopped working with its customers platform have no idea what exactly happened. The company advised customers to update their devices manually, stating in a statement that due to the expiration of SSL certificates, some channels Roku-based streaming service based on SSL certificates may not work as expected. In addition, Roku advised customers to install an automatic information company software. On the same day, Stripe and Spreedly digital payment platforms went on holiday, attributing this to the end of the Certificate Authority (CA) root certificates.

As you know, SSL certificates have an expiration date. To operate the encryption SSL / TLS, o server presents SSL certificates to customers, which can be applications, web browsers or devices. If a server certificate is nearing its end, sysadmin can easily update it. However, in order for the customer to trust any certificate presented as valid, the web browsers, applications and devices are equipped with a set of pre-installed root certificates issued by a reliable certification authority (CA). Now, these root certificates expire later than server certificates, after up to 20-25 years.

SSL certificates that expire cause problems on devices!

In a blog post, security researcher Scott Helme said the problem occurred on May 30 at 10:48:38 GMT. At that time, the AddTrust External CA Root ended, showing the first signs of the problem that he suspected had been around for some time.

He added that there are many CA Root Certificates that expire in the coming years simply because it has been more than 20 years since the start of the encrypted web since this is the lifespan of a CA Root Certificates. He also stressed that this will affect several customers of the Roku streaming service. Helme expects the next "potentially important date" to be September 30, 2021, as the CA Certificates issued by the DST Root CA X3 expire. This means that if client applications and devices are not updated in a timely manner, they will not recognize Let's Encrypt certificates causing connection problems. Helme, who has been warning about this impending problem for 2 years, gave some additional information on his blog about the recent Let's Encrypt certifications that may not be compatible with most Smart TV models, due to the very few root stores that exist in the devices.

While regular updates to your smart devices are an obvious solution, they may not be as obvious to the end user. During regular updates, smart devices can download new root CA certificates to add to their root stores. This assumes that the device manufacturer continues to provide these updates, even in revised root certificates.

A smart one gadgets may go through periods of prolonged inactivity lasting a few weeks or months. If the root CA certificates have expired on a rarely updated gadget while it was offline, it may have a problem reconnecting to the Internet when it is turned on.

For example, a smart light bulb may be able to connect to the internet, but it may need a secure connection to its server to start receiving updates. If this smart bulb had previously been "disconnected" from the internet for a few months and now the grace period for updating the root CA certificates has passed, it may no longer be able to reconnect unless it is updated manually, if this is still the case. possible.

SSL certificates that expire cause problems on devices!
SSL certificates that expire cause problems on devices!

In addition, devices such as smart bulbs, watches or refrigerators do not have an advanced user interface that can give users several clues as to exactly what is happening, especially at a technical level. At first glance, even the most technically trained user may not be able to spot the real problem. Given the many CAs options that can issue root certificates, the frequency and number of certificates distributed on end devices vary.

Helme noted that even the most modern devices and the most advanced gadgets are not modern enough, because they do not manage to take into account the latest root certificates. In order for smart devices and IoTs to continue to operate without interruption and to ensure a smooth user experience, stakeholders, partners and competitors in the industry must agree to a standard set of practices and adhere to it. It is not justified in 2020 that devices still do not recognize root certificates issued in 2012.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.


How to transfer Chrome tabs between iPhone, iPad and Mac

You can set Chrome as the default web browser on your iPhone and iPad and use it as your default ...

How can you view the "Notification Center" on iPhone and iPad?

Those who have an iPhone or iPad are familiar with the alerts but also with how annoying they can become. However...

Instagram: How to block messages from Facebook users?

As we said in a previous article, Facebook gives users the ability to send messages ...

How to create Tweets that disappear through Fleets

Temporary "stories" have become very popular on social media. The corresponding feature on Twitter is called "Fleets" and you can ...

Pixel 5: 5 features make it a better choice than the iPhone 12

One of the most exciting smartphone trends of 2020 was the rise of "value flagships" that offer flagship experiences at a lower price ...

How to insert bullets into an Excel spreadsheet

Adding a list of bullets to an Excel worksheet is not simple, but it is possible. Unlike Microsoft ...

iPhone: How to take square photos

The updated iPhone camera app in iOS 14 has changed some settings or added new ones. If you want to take square photos, ...

ELTA email fraud: Phishing email asks you to pay!

ELTA email fraud: Phishing email asks you to pay! Phishing email asks you to pay a fee for parcel delivery.

Microsoft adds consumer features to Teams

Microsoft launched the Teams consumer capabilities on iOS and Android earlier this year. From yesterday, November 19, ...

What are the malware that usually install ransomware?

If you see any of these malware on your corporate networks, stop doing everything and check all your systems.