[Cryptography] Government shutdown: TLS certificates not renewed, many websites are down
Florian Weimer
fw at deneb.enyo.de
Sun Jan 13 12:48:55 EST 2019
* Tom Mitchell:
> Now I need to look at the 80 to see if there are systematics to the
> list. I dislike thing that look dumb on one side and well planned
> on another. The partial government shutdown that began Dec. 22.
> How was the WH issued a fresh cert after the shutdown. Who works on
> Sunday especially with a shutdown. Who paid the fee?
Akamai (the CDN operator) probably handles the key material and any
required certificate renewal.
| The Certificate Provisioning System (CPS) provides full life cycle
| management of SSL/TLS certificates for your Akamai Secure Delivery
| Network applications. This includes ability to request new
| certificates, modify existing certificates, automatically renew
| certificates, and delete certificates.
<https://developer.akamai.com/api/core_features/certificate_provisioning_system/v2.html>
The certificate subject (with O=The Executive Office of the President)
is affected by the shutdown (according to Wikipedia at least), but
that doesn't matter if the process is fully automated (similar to
Let's Encrypt) or outsourced (which is probably the case here).
More information about the cryptography
mailing list