in Internet, Security

When Good SSL Goes Bad

I spent a bit of time over the Christmas break revamping this site and preparing to write more posts. I moved to the nice clean theme – not unlike Medium for ease of reading, and I wanted to move the whole site to HTTPS. Why enable SSL for the whole site?

Well, I already had an SSL cert generated for some other * sites, so I wouldn’t have to jump through those hoops again1. I needed to protect the admin pages of the site anyway and applying SSL across the entire domain was actually easier than targeting specific pages. The technical cost to the server is now very low, as Adam Langley of Google wrote in 2010:

If there’s one point that we want to communicate to the world, it’s that SSL/TLS is not computationally expensive any more. Ten years ago it might have been true, but it’s just not the case any more. You too can afford to enable HTTPS for your users.

And finally, one reason that wasn’t top of my list but was interesting to learn: Google now give sites delivered over SSL a small boost in the rankings.

The certificate I had handy was generated back in April 2016 for use on various subdomains. It was still valid until April 2018, so why not reuse it? Why not indeed. This will come back to haunt me.

So last night I added this cert to Apache and configured the redirect to ensure all traffic landed on Spot the flaw in this plan. As that cert was generated as a wildcard for the subdomains – and only the subdomains – it actually doesn’t include itself. Any browser would choke on this discrepancy and reject the secure connection. Whoops.

So I needed to regenerate a certificate that was good for (and include any subdomain). Since I’m already validated at StartSSL, I went through their very quick generation process and downloaded a fresh cert. A quick restart of the Apache service and was up and running with a valid SSL certificate. Job done! Nope.

The Untrusted Cert

This morning, a friend on Slack sent me a screenshot of the cert failing to validate:

With a bit of digging, I realised that some news I heard in September last year had finally caught up with me. StartCom – the provider I’ve been using for my certs – had demonstrated a number of technical and management failures resulting in the major browser manufacturers no longer fully trusting them.

This is a result of a Mozilla-led investigation that found multiple problems in the SSL certificate issuance process of WoSign, a China-based certificate authority. The investigation also showed that in 2015 WoSign silently acquired StartCom without disclosing the deal to browser vendors who operate certificate root programs. Yes, a Chinese owned and operated company issuing SSL certificates globally via a subsiduary without telling anyone. As a result, most browsers won’t trust any certificates issued by WoSign or StartCom after the 21st october 2016.

So my brand new cert? Not that useful! Interestingly, Firefox would load the site without problems, but on iOS and OS X Safari would silently fail.

What next?

StartCom was low cost – in some cases free – which meant it was a very popular and widely used Certificate Authority. Many geeks like me and a good number of corporates used it to generate their certificates. With it demonstrably untrustworthy, where to turn?

There is another. And it is free, fantastically well supported and easy to automate. I’ll detail how I got it up and running tomorrow.

  1. Sadly, not true.