Re: Cert expired - ssl still working - whats the risk?

Giganews Newsgroups
Subject: Re: Cert expired - ssl still working - whats the risk?
Posted by:  James Matthews (jamesmatt…@gmail.com)
Date: Mon, 12 Nov 2007

Only if you trust the site

--

http://search.goldwatches.com/
http://www.jewelerslounge.com/
"fpjr843" <fpjr8…@discussions.microsoft.com> wrote in message
news:F4ED5152-9565-4955-B06E-FE26769351…@microsoft.com...
> Looking for some feedback from the folks here that I can give to senior
> management.
> My employees use a web-based application that is hosted by one of our
> partners.  Staff enter confidential and sensitive information on this web
> site.  Yesterday the digital certificate expired and the site administrators
> are not reacting very quickly to get it renewed.  I, as "big I.T. security",
> have blocked my employees from accessing the web site.  But now the manager
> of the program is painting me as the strong-handed big brother.  It's stopping
> productivity and business flow.  I realize that even though the cert expired,
> SSL is still working and encrypting the data.  My sense is the only thing
> lost by not having a valid cert is the ability to know for sure what web site
> we are talking to.  So what do you all think?  Did I do the proper thing by
> blocking access or should I relax a little?

In response to

Cert expired - ssl still working - whats the risk? posted by fpjr843 on Thu, 8 Nov 2007