Digital certificates are one way we know to trust someone online. Most of us use them without even realizing it; every time we visit a secure web site, our browser checks a certificate that’s been signed and dated by a trusted third party. Other servers, such as those used to send email, rely on certificates, too.
But certificates, as they did for Google today, sometimes go stale. Given the number of people who use Gmail with their desktop mail application, this means desktop users were faced with a decision: Trust that you really were sending mail to Google’s SMTP servers rather than an evil interloper, or wait until the certificate was updated. Shortly afterwards, Google acknowledged the problem.
Within an hour, the certificate was fixed. And there’s a workaround — web-based mail. But it serves as a reminder of just how many things can go wrong with an online service these days, and how many components we take for granted until they break.
3 trackbacks so far
11:30 PM PT
[...] GigaOM managed to score a screenshot of the expired certificate. Its interesting to note that even the largest of companies can screw up on the smallest things. [...]
10:03 AM PT
[...] Google SMTP a avut pentru cateva ore certificatul digital expirat … se intampla si la case mai mari ca un angajat sa uite sa reinnoiasca chestiile care sunt [...]
11:52 AM PT
[...] is the second time in a week that I’ve come across a big company messing up their certificates. I think the Internet needs [...]
4 comments so far
3:21 PM PT
Getting errors on the RSS link to your story about cleantech investors backing Obama…
3:37 PM PT
Paul, that should be fixed now.
thanks, best, Carolyn
3:38 PM PT
with all the reminders that domain, SSL, etc. providers send about expirations it surprises me that so many companies are late in renewing them. another perfect example of a business process that isn’t yet fully automated.
4:33 AM PT
I think the only real way to automate this process for Google would be if they became a trusted Root Certificate Authority. Given the amount of control they have over the internet at large (I know, I’m embellishing a bit here), the prospect of a Trusted Google CA is kinda scary.