Expired SSL Certificate Blocks Microsoft Exchange Admin Portal
The Portal Is Currently Inaccessible from Some Browsers After Microsoft Forgot to Renew the SSL Certificate for the Website.
On May 23rd, Microsoft Exchange admins who intended to access the admin.exchange.microsoft.com portal suddenly found that their browsers were issuing warnings that the connection was not private due to an expired SSL certificate, BleepingComputer writes.
As a temporary fix, the tech giant stated you can access the admin portal from the https://outlook.office.com/ecp/ URL as well.
Image Source: BleepingComputer
Depending on the browser, users are blocked from accessing the site as a security precaution or shown an alert that the data may not be secure. According to BleepingComputer, Google Chrome will stop you from accessing the site altogether, while Firefox will warn you about the insecure connection.
Qualys’ SSL Labs notes that the certificate expired on Sunday, May 23rd, 2021, at 12:00:00 UTC/ 08:00:00 EST.
With encrypted communications come additional complexity and human error, like forgetting to renew an SSL certificate. Expired certificates lead to outages, which are becoming all too common as nowadays the vast majority of online services have switched over to secure connections.
According to a study conducted in the United Kingdom, human error is the leading cause for most cyberattacks, namely 60% of them. Your staff is your first line of defense against hackers, and putting policies in place is only the first step in ensuring they respond to incidents accordingly.
The expiration of a single certificate is sometimes enough to stop an application or even an entire infrastructure from working. That’s what happened in California in August 2020, preventing 300,000 COVID-19 results from being sent from laboratories to the central public database in the state, which resulted in over 12,000 victims.
SSL certificates are more than just a “nice to have” feature for your website. In fact, if you are going to run a successful website that is safe for your users, they have become a necessity. While it may not be mandatory to use an SSL certificate, the rate at which unencrypted web traffic is intercepted, and the frequency that users’ computers and web servers are becoming compromised, is alarming, to say the least. If you want to read more on the matter, feel free to check my colleague Dora’s article on SSL vulnerabilities.
BleepingComputer has reached out to Microsoft to learn more about when they expect the SSL certificate to be renewed but has not heard back at this time.