Blame Brexit...
Seems that it's trendy to blame Brexit for everything that goes wrong with the government/economy/whatever these days, so why not this as well?
The SSL certificate on the criminal justice and court listing site justice.gov.uk expired yesterday, causing browsers to now warn users that their information is at risk. The site can still be accessed if users click through their browser's warnings, and contains resources on courts, procedure rules and offenders. It is …
* Put a recurring entry in your financials
* Put a recurring appointment in your email client
* Use a monitoring system - the open monitoring plugins can do a check for pending expiry
* Check with your browser every now and again
* Don't ignore the tons of imminent expiry emails sent by vendors
Yes I do know why nearly all of those examples apart from a proper monitoring system will fail. Personal email address rather than a group one along with mail blindness will bugger several.
Laziness will account for most other failure modes.
Use a monitoring system - the open monitoring plugins can do a check for pending expiry
If you're not monitoring, you're doing it wrong.
If you're not monitoring everything you can, you're doing it wrong.
If you're not monitoring SSL certs, you're a fucking idiot.
Even small, shitty hosting companies often monitor client SSL certs. Even if the client handles renewals, the hosting company monitors anyway. Just in case. It costs little to set up and bugger-all to run, yet it allows the hosting company to catch problems like this and if they do the client thinks they're wonderful. No downside, potential upside is good.
Belt. Braces. Shirt-grip in the waistband. Superglue.
Who is hosting justice.gov.uk? Oh, Squiz. Who they? Ah, their website is suffering from buzzword overload. Every bit of bullshit management-speak I've ever seen and some new ones they invented themselves.
Forward, Faster
Squiz technology enables you to deliver smarter services via the web
and
In other words, we’re all becoming more efficient, faster, more intelligent, more automated and more connected than ever before. And this represents an enormous opportunity for us.
This isn't rocket surgery. They claim to be more intelligent and more automated but this failure shows that they're neither. Not even if some bod in gov.uk was handling the renewals directly. Squiz should have been monitoring anyway, because that would be more intelligent...
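Added example, not part of any comment above and not code from any monitoring project: a minimal pending-expiry check of the kind the monitoring comments describe, using the Nagios-style plugin exit codes (0 OK, 1 WARNING, 2 CRITICAL). The function names and the 30/7-day thresholds are assumptions.

```python
import socket
import ssl
import sys
import time

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios-style plugin exit codes


def classify(not_after, now, warn_days=30, crit_days=7):
    """Map a certificate notAfter string to (exit_code, message).

    warn_days / crit_days are assumed thresholds; tune them to your renewal lead time.
    """
    remaining = ssl.cert_time_to_seconds(not_after) - now
    if remaining <= 0:
        return CRITICAL, f"CRITICAL: certificate expired on {not_after}"
    days_left = int(remaining // 86400)
    if days_left < crit_days:
        return CRITICAL, f"CRITICAL: {days_left} days left (expires {not_after})"
    if days_left < warn_days:
        return WARNING, f"WARNING: {days_left} days left (expires {not_after})"
    return OK, f"OK: {days_left} days left (expires {not_after})"


def check_host(host, port=443, timeout=10.0, **thresholds):
    """Fetch the served certificate over TLS and classify its expiry."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # An already-expired certificate fails the handshake itself, so the
        # check must report that as CRITICAL rather than crash.
        return CRITICAL, f"{host}: CRITICAL: {exc.verify_message}"
    except OSError as exc:
        return CRITICAL, f"{host}: CRITICAL: connection failed: {exc}"
    code, message = classify(not_after, time.time(), **thresholds)
    return code, f"{host}: {message}"


if __name__ == "__main__":
    # Usage: python check_cert.py host1 host2 ...  (exit code = worst result)
    results = [check_host(h) for h in sys.argv[1:]]
    for _, message in results:
        print(message)
    sys.exit(max((code for code, _ in results), default=OK))
```

Run it from a scheduler or monitoring agent against the full list of hostnames you serve, and route non-zero exits to a group mailbox or pager rather than one person's inbox.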
Nothing shocking. Most Gov departments have hundreds of certs all bought by different contractors at different times registered with random addresses and no central record of what is where and running out when.
It'll be increasingly common to see these errors in the future as everyone has jumped on the https bandwagon for and will likely have lost all the data for the certs.
Firstly SSL is not ONLY about security. For legal documents and news it should be essential to serve via SSL so that you are protected against tampering.
Secondly the UK government should have an automated renewal procedure, it's trivial to set up. Heck maybe they could fund LetsEncrypt to advance their tech creating some net good.