Skip to Main Content

GoDaddy Revokes SSL Certifications

Posted on 1.11.2017

There's been a big push for enterprises to implement SSL on their Web properties but it appears that at least one company may have been a little hasty in their processes. 


 SUBSCRIBE to Website Magazine & Accelerate 'Net Success


GoDaddy has reportedly removed, but started re-issuing, new SSL certifications for more than 6,000 customers after a bug was discovered in the registrar's domain validation process back in late July of 2016. Just two percent of the certifications GoDaddy issued from that date to this week were impacted. 

According to GoDaddy's vice president and general manager of security products Wayne Thayer the bug caused the domain validation process to fail in certain circumstances. The company says it inadvertently introduced the bug during a routine code change that was intended to improve its certificate issuance process.

GoDaddy revealed that it was not aware of any compromises related to the bug but the issue did expose sites running SSL certificates from GoDaddy to spoofing where a bad actor (hacker) could gain access to certificates and pose as a legitimate site in order to spread malware or steal personal information such as banking credentials. 

Customers that were impacted will need to log in to their accounts and initiate the certificate process in the SSL Panel.

Leave Your Comment

Login to Comment

Become a Member

Not already a part of our community?
Sign up to participate in the discussion. It's free and quick.

Sign Up

 

Leave a comment
    Load more comments
    New code
  • Your Guide to 2017 Sales Tax Changes

    2017 Sales Tax Changes