Expert Reaction On Pulse Secure VPN Users Can’t Login Due To Certificate Related Outage

Remote workers around the world have been unable to connect to Pulse Secure VPN devices after a code signing certificate used to digitally sign software components expired.

Experts Comments

April 13, 2021
Eddie Glenn
Senior Product Manager
Venafi

What happened with Pulse Secure VPNs is a pretty common code signing issue. The reality is that code signing is a complicated topic and a lot of developers don’t fully understand it which is how issues like this one can arise. As a result, code signing certificates expire, software stops running and users are upset. 

 

What happened in this situation is that the software that was used to run the VPN was checking the date of the code signing certificate, instead of the timestamping server. This

.....Read More

What happened with Pulse Secure VPNs is a pretty common code signing issue. The reality is that code signing is a complicated topic and a lot of developers don’t fully understand it which is how issues like this one can arise. As a result, code signing certificates expire, software stops running and users are upset. 

 

What happened in this situation is that the software that was used to run the VPN was checking the date of the code signing certificate, instead of the timestamping server. This is why it is a bug in the software, rather than an issue with a compromised certificate.

 

By design, code signing certificates have short lifespans so they cannot be used indefinitely if they fall into the wrong hands. However, if a code signing certificate expires, then the software that was signed with it is no longer able to run. This is where code signing timestamp servers come into play. When one signs software, a timestamp from a reputable, public entity is also included. These timestamps indicate that the code signing certificate was valid at the time it was used to sign the code. When a code signing certificate and a timestamp are combined, a piece of software can be signed with a certificate that will expire in the near future, but the software will continue to be able to be executed far into the future because the timestamp server is still valid.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.