As you know, I’ve a traffic problem at Forbes. Started Thursday evening. Traffic is down, down, down. Like 5% of normal.
And then there’s this:
GlobalSign has performed a postmortem examination on how, as one of the world’s root certificate authorities, it managed to break a chunk of the web.
The New Hampshire, US-based biz has to date sold 2.5 million SSL/TLS certificates to websites around the world. This week, it inadvertently smashed its own chain of trust: it effectively made its customers’ certs appear untrustworthy in the eyes of web browsers and apps globally.
This prevented many people from being able to access secure websites and online services large and small, from Wikipedia and the Financial Times to GlobalSign’s own servers.
The accidental cockup hasn’t affected everyone: if your computer, phone or some other gadget was among the unlucky ones to fetch a dodgy revocation list from GlobalSign’s network on Thursday, October 13, your browser will stop you from accessing legit HTTPS websites. That’s because your browser has been told GlobalSign-issued encryption certificates are no longer valid.
Someone with rather more technical knowledge than me is going to have to tell me whether this is the problem…..