Microsoft just made a rather embarrassing basic security error
Microsoft failed to renew the certificate for one of its fairly important web pages, causing the site to crash and redirecting people elsewhere.
Spotted by The register (opens in a new tab)Windows Insider Software Testing Program certificate expired Thursday afternoon, June 9.
Those who tried to visit the site during this time received the usual “Your connection is not private” message, and Chrome, Firefox or Safari users were warned by their browsers. (opens in a new tab) do not continue.
Those who did were redirected to the main Windows page with 302 and 307 redirect responses, according to the post, implying that the company was already aware of the problem at the time.
Since then, the certificate has been renewed and the site is operational again.
Occasionally, certificates expire and are not renewed on time, which breaks some things in the process. In October 2021, one of the largest not-for-profit Certificate Authority (CA) services saw high levels of renewals from websites (opens in a new tab) and apps, leading to major outages at some big-name sites.
Due to the expiration of its cross-signed Root CA X3 DST, the Let’s Encrypt issue, which is handled by the Internet Security Research Group, has left websites and apps such as Shopify and Slack down . At the time, Let’s Encrypt took to Twitter to advise affected customers to check out the community forum, with no promises to fix the issue soon.
A month later, an expired certificate affected Windows 11 21H2 and prevented Windows users from opening certain applications.
In 2020, an expired authentication certificate made Microsoft Teams inaccessible for some time.
While expired certifications are a nuisance, they can be even worse if they affect root certificates and bork services, the post explains. Such was the case with Sectigo’s AddTrust legacy root certificate. (opens in a new tab) which, when it expired two years ago, affected thousands of customers.