It was reported this morning that when some users noticed on Tuesday that when they tried to access LinkedIn from their desktop or laptop computer they were greeted by an alert that said the connection was not secure. It turned out that the company had forgotten to renew the TLS certificate for its lnkd.in URL shortener. The company quickly took action after being notified. The new certificate is valid until May 2021:
If you are wondering why your browser is throwing a Certificate Error when navigating around @LinkedIn posts their cert expired a few hours ago on the URL shortener lnkd[.]in
Qualys' SSL check report for that domain: https://t.co/LvMILrxkMw
— Carl Leonard (@carlLsecurity) May 21, 2019
Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi:
“Certificates control communication and authentication between machines so it’s critically important not to let them expire unexpectedly. Unfortunately, most organizations don’t even have a clear understanding of how many certificates are in use or which devices are using them; so they definitely don’t have a clear idea of when they will expire.
This lack of comprehensive visibility and intelligence routinely leads to certificate-related outages; this is not a unique occurrence. Ultimately, companies must get control of all of their certificates; otherwise, it’s only a matter of time until one expires unexpectedly and causes a debilitating outage.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.