LinkedIn Certificate Outage – Lesson Learnt

By   ISBuzz Team
Writer , Information Security Buzz | May 23, 2019 05:30 am PST

It was reported this morning that when some users noticed on Tuesday that when they tried to access LinkedIn from their desktop or laptop computer they were greeted by an alert that said the connection was not secure. It turned out that the company had forgotten to renew the TLS certificate for its URL shortener. The company quickly took action after being notified. The new certificate is valid until May 2021:  

Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi: 

“Certificates control communication and authentication between machines so it’s critically important not to let them expire unexpectedly. Unfortunately, most organizations don’t even have a clear understanding of how many certificates are in use or which devices are using them; so they definitely don’t have a clear idea of when they will expire. 

This lack of comprehensive visibility and intelligence routinely leads to certificate-related outages; this is not a unique occurrence. Ultimately, companies must get control of all of their certificates; otherwise, it’s only a matter of time until one expires unexpectedly and causes a debilitating outage.”