Pulse of Truth

464 readers

77 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 1 year ago

MODERATORS

[email protected]

Microsoft hits snooze again on security certificate renewal (go.theregister.com)

submitted 4 months ago by [email protected] to c/[email protected]

2 comments fedilink hide all child comments

Seeing weird warnings in Microsoft 365 and Office Online? That'll be why Microsoft has expiration issues with its TLS certificates, resulting in unwanted security warnings.…

you are viewing a single comment's thread
view the rest of the comments

[–] Bookmeat 4 points 4 months ago (1 children)

It's called Let's Encrypt. Holy shit, get with the fucking programme, Microsoft.

[–] [email protected] 5 points 4 months ago

They're their own certificate authority and they let their intermediaries expire too. It's partially automated they just don't monitor it. Similar to when your certbot reports it couldn't renew because of whatever reason, maybe dns validation failure or whatever. It usually tells you like 30-60 days before expiry and there's lots of time.

Microsoft has both the tools and knowledge and still doesn't get them all. Every year. One time it blocked mfa and login services. Sometimes it's just teams. It's like they just figured instead of staff monitoring they figure user feedback like their insider program is just cheaper.