It might seem minor, but SSL certificate expiration can cause big problems
When you deal in SSL certificates on a daily basis, you get asked plenty of the same questions. No question, however, gets asked more frequently than “what will happen if an SSL certificate expires?”
And there are two levels to that answer: First, there’s what’s happening on a technical, immediate level. Second, there are the consequences of what’s just happened on that technical level. So, let’s begin by looking at what exactly it is that happens when your SSL certificate expires. Then we’ll look at what can happen because your SSL certificate expired.
SSL Certificate Expiration and You
Let’s start by answering the obvious question: Why do SSL certificates expire? There are two reasons. The first one has to do with the validation that takes place before these certificates are issued. The body that regulates this industry, the CA/Browser Forum (CA/B Forum), favors shorter periods of validity because it requires the entities having certificates issued to undergo more regular validation.
This is important because things change. Information changes. Companies change hands. Websites change hands. If you’re not checking and double-checking the information you have on file for these organizations and websites, then the ability to trust them declines. Make no mistake about it — shorter validity is a browser initiative. The CAs would still prefer to be able to sell three and five-year certificates – but, nowadays, two years is as long as they go.
The other reason for this is that new technology and updated cryptographic standards are being released all the time. Likewise, new vulnerabilities continually pop up. If it takes three to five years for every certificate using an outmoded standard to expire, it takes the same amount of time for new standards to fully roll out. And, sometimes, you just don’t have that kind of time.
So, with SSL, shorter is better.
Ok, So What Happens When One Expires?
Let’s start on the technical side. When you have an SSL certificate properly installed, your website’s server will engage in something called the SSL handshake anytime a visitor wants to make a connection. During this handshake, the user’s browser will be presented with the site’s SSL certificate. It needs to authenticate the certificate in order to complete the handshake.
The authentication process requires the certificate to be within its validity dates. Every certificate has an issue date and an expiration date coded into it. This allows the browser to determine whether it’s still valid or has expired. If the certificate is expired, the user’s browser has no way to validate the server. That means it can’t definitively tell you if the website presenting this certificate is its rightful owner.
That’s going to cause a browser error that says your connection is not secure. The error is big; it blocks people from getting to your website – effectively breaking the site.
Now, depending on how you’ve configured your server — all hope may not be lost. But you’d have to advise your customers to click through a browser warning, which most people aren’t going to do.
However, if you’ve set up your website to use HTTP Strict Transport Security (HSTS), clicking through the warning won’t even be an option. HSTS forces secure connections, and if the certificate isn’t valid, the browser won’t be able to make one. In that case, your website is completely broken.
The good news is that to fix the issue, you just need to replace your expired SSL certificate with a new one. The bad news is that by the time you do that – there are going to be other consequences.
What Else Happens If Your SSL Certificate Expired?
Let’s rephrase that question because people get distracted when you word it that way: What would happen if your website breaks?
If you’re running an eCommerce business or a website that transacts in sensitive data, your website is basically your storefront. And you should look at an SSL certificate expiration no differently than you’d view a busted water main: your operations are shut down.
That means you’re losing money. To figure out how much, just do a little math. Figure out what you’re clearing each day, divide it by the hour, and then time out how long your website was down. That’s about how much money you just lost. For some companies, that can end up being hundreds of thousands, or even millions of dollars — and that’s provided you catch it right away. The Equifax data breach happened, in part, because an expired certificate went unnoticed for 76 days.
And losing money is just the tip of the iceberg. It’s just that the other costs are a little more difficult to quantify. Say someone is about to buy something from you and, suddenly, they can’t reach your site. Most people aren’t just going to sit around and wait for it to come back up. They’re going to search and find it elsewhere. Maybe they’ll even buy it. Now, not only have you lost a sale, you may have lost a customer.
At the very least, your reputation has taken a hit. For the layman, that just means your website is unreliable. For a more knowledgeable internet user, it’s obvious you just mucked up your cyber security. And that doesn’t inspire confidence.
What You Can Do If Your SSL Certificate Expired
The answer is to partner with a company that can alert you when a certificate is going to expire. At CheapSSLsecurity.com, we notify all of our customers 60 days before their certificates are set to expire. We’re using more digital certificates than ever. As such, certificate expiration can be disastrous… And all it takes is one.
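The validity-date check the browser performs during the handshake, and the 60-day warning window mentioned above, can also be run as your own monitoring job. The following is an added example, not code from the original article or from any vendor: it classifies certificates by their notBefore/notAfter fields in the dictionary format returned by Python's `ssl` module. The host names, dates and the helper names `classify`, `check_host` and `needs_attention` are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 60               # notification window the article mentions
X509_CERT_HAS_EXPIRED = 10   # OpenSSL verify code X509_V_ERR_CERT_HAS_EXPIRED

def classify(cert, now, warn_days=WARN_DAYS):
    """Classify a certificate dict (ssl getpeercert() format) by its validity dates."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    ts = now.timestamp()
    days_left = int((not_after - ts) // 86400)
    if ts < not_before:
        return "not_yet_valid", days_left
    if ts > not_after:
        return "expired", days_left
    if days_left < warn_days:
        return "expiring_soon", days_left
    return "valid", days_left

def check_host(host, port=443, timeout=5.0):
    """Live check: a verified handshake yields the dates, or fails as a browser would."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert(), datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as exc:
        # An expired certificate fails verification during the handshake itself.
        expired = exc.verify_code == X509_CERT_HAS_EXPIRED
        return ("expired" if expired else "untrusted"), None

def needs_attention(inventory, now):
    """Return (host, status, days_left) for every non-valid certificate, most urgent first."""
    flagged = [(classify(cert, now), host) for host, cert in inventory.items()]
    flagged = [(days, host, status) for (status, days), host in flagged if status != "valid"]
    return [(host, status, days) for days, host, status in sorted(flagged)]

# Constructed sample inventory (hypothetical hosts and dates), not real certificates.
SAMPLE_NOW = datetime(2025, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_INVENTORY = {
    "shop.example": {"notBefore": "Jun  1 12:00:00 2024 GMT", "notAfter": "Jul  1 12:00:00 2025 GMT"},
    "blog.example": {"notBefore": "May 22 12:00:00 2024 GMT", "notAfter": "May 22 12:00:00 2025 GMT"},
    "api.example":  {"notBefore": "Jan  1 00:00:00 2025 GMT", "notAfter": "Jan  1 00:00:00 2026 GMT"},
    "new.example":  {"notBefore": "Jun 10 00:00:00 2025 GMT", "notAfter": "Jun 10 00:00:00 2026 GMT"},
}

if __name__ == "__main__":
    for row in needs_attention(SAMPLE_INVENTORY, SAMPLE_NOW):
        print(row)
```

`check_host` needs network access and is not exercised by the sample run; the offline path works on the constructed inventory only.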