Re: Cert expired - ssl still working - whats the risk?

Giganews Newsgroups
Subject: Re: Cert expired - ssl still working - whats the risk?
Posted by:  James Matthews (jamesmatt…
Date: Mon, 12 Nov 2007

Only if you trust the site

"fpjr843" <fpjr8…> wrote in message
> Looking for some feedback from the folks here that I can give to senior management.
> My employees use a web-based application that is hosted by one of our partners. Staff enter confidential and sensitive information on this web site. Yesterday the digital certificate expired and the site administrators are not reacting very quickly to get it renewed. I, as "big I.T. security", have blocked my employees from accessing the web site. But now the manager of the program is painting me as the strong-handed big brother. It's stopping productivity and business flow. I realize that even though the cert expired, SSL is still working and encrypting the data. My sense is the only thing lost by not having a valid cert is the ability to know for sure what web site we are talking to. So what do you all think? Did I do the proper thing by blocking access or should I relax a little?


In response to

Cert expired - ssl still working - whats the risk? posted by fpjr843 on Thu, 8 Nov 2007