back to article UK.gov law resources now untrustworthy, according to browsers

The SSL certificate on the criminal justice and court listing site justice.gov.uk expired yesterday, causing browsers to now warn users that their information is at risk. The site can still be accessed if users click through their browser's warnings, and contains resources on courts, procedure rules and offenders. It is …

  1. RyokuMas
    Trollface

    Blame Brexit...

    Seems that it's trendy to blame Brexit for everything that goes wrong with the government/economy/whatever these days, so why not this as well?

    1. 's water music
      Trollface

      Re: Blame Brexit...

      Hmmn, I'm never sure if I should still be blaming stuff on the EU until March 2019 so I think I will fall back on blaming 'the parents' or Thatcher

  2. TRT Silver badge

    Bizarre...

    I must get at least 4 email warning a day for the month leading up to a certificate expiry date. Even AFTER I've paid for and installed the new certificate. It drive me insane, TBH.

    1. Anonymous Coward
      Anonymous Coward

      Re: It drives me insane, TBH.

      "Dammit, these warnings are driving me insane! I'll just disable/filter them for a week until the renewal goes through properly; then I'll re-enable them ..." :-/

  3. Anonymous Coward
    Anonymous Coward

    That's not UK Gov Law, it is UK.GOV JUSTICE

    That's not UK Gov Law. It is "justice". AFAIK, those are have slightly different meanings in the Oxford dictionary...

    1. Anonymous Coward
      Anonymous Coward

      Re: slightly different meanings in the Oxford dictionary...

      And completely different meanings in reality! Am I right kids? FIGTH THE SYSTEM!!!

      1. CrazyOldCatMan Silver badge

        Re: slightly different meanings in the Oxford dictionary...

        FIGTH THE SYSTEM

        Which system do I splatter with over-ripe figs?

    2. TRT Silver badge

      Re: That's not UK Gov Law, it is UK.GOV JUSTICE

      I thought 'justice' was the standard reply to the question asked, when called to the bar, "What would you like in your single malt whisky, your honour?"

  4. Anonymous Coward
    Childcatcher

    How bloody hard is it?

    * Put a recurring entry in your financials

    * Put a recurring appointment in your email client

    * Use a monitoring system - the open monitoring plugins can do a check for pending expiry

    * Check with your browser every now an again

    * Don't ignore the tons of imminent expiry emails sent by vendors

    Yes I do know why nearly all of those examples apart from a proper monitoring system will fail. Personal email address rather than a group one along with mail blindness will bugger several.

    Laziness will account for most other failure modes.

    1. handleoclast

      Re: How bloody hard is it?

      Use a monitoring system - the open monitoring plugins can do a check for pending expiry

      If you're not monitoring, you're doing it wrong.

      If you're not monitoring everything you can, you're doing it wrong.

      If you're not monitoring SSL certs, you're a fucking idiot.

      Even small, shitty hosting companies often monitor client SSL certs. Even if the client handles renewals, the hosting company monitors anyway. Just in case. It costs little to set up and bugger-all to run, yet it allows the hosting company to catch problems like this and if they do the client thinks they're wonderful. No downside, potential upside is good.

      Belt. Braces. Shirt-grip in the waistband. Superglue.

      Who is hosting justice.gov.uk? Oh, Squiz. Who they? Ah, their website is suffering from buzzword overload. Every bit of bullshit management-speak I've ever seen and some new ones they invented themselves.

      Forward, Faster

      Squiz technology enables you to deliver smarter services via the web

      and

      In other words, we’re all becoming more efficient, faster, more intelligent, more automated and more connected than ever before. And this represents an enormous opportunity for us.

      This isn't rocket surgery. They claim to be more intelligent and more automated but this failure shows that they're neither. Not even if some bod in gov.uk was handling the renewals directly. Squiz should have been monitoring anyway, because that would be more intelligent...

  5. Anonymous Coward
    Anonymous Coward

    The person in charge of the website administration and certificates was probably an EU worker that abandoned the UK fearing he would end up being deported anyway.

  6. Anonymous Coward
    Anonymous Coward

    read that as

    UK.gov law now untrustworthy

  7. katrinab Silver badge

    I see they now have a link to their pki validation key from the front page

    https://www.justice.gov.uk/.well-known/pki-validation

  8. 0laf
    Facepalm

    Nothing shocking. Most Gov departments have hundreds of certs all bought by different contractors at a different times registered with random addresses and no central record of what is where and running out when.

    It'll be increasingly common to see these errors in the future as everyone has jumped on the https bandwagon for and will likely have lost all the data for the certs.

    1. Anonymous Coward
      Anonymous Coward

      you mean something shoddy like HM Government using a 1-year cert from RapidSSL for the Ministry of Justice??

  9. LewisCowles1986

    Excuse Moi?

    Firstly SSL is not ONLY about security. For legal documents and news it should be essential to serve via SSL so that you are protected against tampering.

    Secondly the UK government should have an automated renewal procedure, it's trivial to setup. Heck maybe they could fund LetsEncrypt to advance their tech creating some net good.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like