For business owners, SSL/TLS certificates serve as a way to authenticate their servers and establish trust with client browsers. This creates a positive impact on their brand value and sales. For end users, these certificates provide a way to safely transmit sensitive information (such as bank account details, login information, etc.) without having to worry about the integrity of their data or the identity of the server. But what will happen if an SSL certificate expires
What Happens if Your SSL Certificate is Expired
What happens if you find out your SSL certificate has expired? The simple answer is, get a new one NOW. Your website will show a message, “Your connection is not private.” If a client still logs in to your website, the communications will not be encrypted. It will be in plaintext, and therefore, anybody can read it. Thus, you should make sure you renew your SSL certificate before it expires.
After an SSL certificate expires, you will no longer be able to communicate over a secure, encrypted HTTPS connection. All the information will be transmitted in plaintext, leaving your (or your customer’s) data exposed to any attacker listening in on the network.
This is why it’s important to know the validity period of every SSL certificate your organization uses. Every certificate authority (CA) issues SSL certificates that are valid for a specific amount of time — typically one or two years.
When an SSL certificate is expired, these are the types of messages site visitors can expect to see:
Real-World Examples of What Will Happen If SSL an Certificate Expires
Below is a list of some high-profile incidents involving expired SSL certificates. We hope you learn from these situations and will be vigilant about renewing your certificate within its validity period:
US Government Shutdown (2018-2019): Over 130 Expired Certificates Break Dozens of Websites
Even the government isn’t infallible when it comes to SSL certificate expirations. The massive shutdown affected over 80 government websites (including NASA, Department of Justice, etc.) whose SSL/TLS certificates had expired, rendering them insecure or completely unreachable. As per directives from the Department of Homeland Security, all government websites were supposed to be on the HSTS (HTTP Strict Transport Security) preload list, which translates to sites being unavailable over HTTP if SSL/TLS certificates expire.
Ericsson Outage: Cellular Service Unavailable Due to Expired Certificate
On Dec. 6, 2018, millions of people were unable to text or call due to the expiration of a digital certificate linked with Ericsson’s network. It is believed to have been triggered by an expired digital certificate in a version of Ericsson’s management software. The disruption was reported across 11 countries, including the O2 network in the UK.
Buy Sectigo SSL Certificates – Save Up to 79%
Save 79% on Sectigo SSL Certificates. It includes unlimited server licenses, reissuances, 256-bit encryption, and more.
How to View the Certificate Validity Period in Your Browser
These types of scenarios result in reputational damage, service outages, and high cost to the organizations that were affected by these certificate outages. This is why it’s important to stay on top of certificate validity periods to ensure you avoid these situations with your business. Here’s how you can find the SSL certificate expiry date in most client browsers like Google Chrome and Firefox:
- Click on the padlock placed in the address bar right next to the https URL.
- In Firefox, from the dropdown that appears, click on the right of the connection status to view details and then click on more information. In Chrome, you should see a certificate tab in the dropdown, which opens up the certificate details.
- In Firefox, on the page info pop-up window, select the view certificate option.
- Under the certificate viewer window on the general tab, under the period of validity between you can find the expires on date.
How to Avoid Certificate Expiry?
We have already discussed what will happen if SSL certificate expires. Now let’s look at some ways you can avoid these scenarios:
- Every certificate provider typically sends out email reminders before the certificate expires to give you adequate time to renew your SSL certificate. Be sure to check your email regularly and keep your contact information current with your certificate provider.
- Skip the spreadsheet and head over to your CA’s certificate management portal to keep track of all certificates that you have ordered with them. They are more efficient for tracking purposes because you don’t have to worry about your spreadsheet getting deleted inadvertently or losing your file because your system crashed! Here at SectigoStore.com, you can always use the control panel, but the Sectigo Certificate Manager (SCM) comes loaded with state-of-the-art features that help you with lifecycle management, certificate discovery, and visibility, revocation, etc.
- Keep an inventory of all your certificates using tools to avoid any disruptions caused by rogue certificates.
- Automation is the way forward, especially now that the Internet Engineering Task Force (IETF) has standardized the ACME protocol. An automated tool works by installing client agents on your servers that are authorized to reach out to the CA of your choice on behalf of the websites you choose at regular intervals to replace and renew the certificates associated with them.