Problems with GlobalSign certificates

13 October 2016

Problems arose today with GlobalSign’s SSL certificates. Visitors of websites secured with GlobalSign certificates may see incorrect errors informing them that the certificates have been revoked.

Background

The problem is caused by the fact that GlobalSign changed the way their root certificates are signed. By removing a connection between two of these root certificates, browsers see this as the revocation of the relevant intermediate certificates.

Because of how the OCSP protocol works, all issued certificates under these intermediate certificates are also seen as revoked. This means that visitors will receive warnings in their browsers about revoked certificates. GlobalSign has published a detailed explanation of the issue with more technical details.

Solution

GlobalSign has already resolved the problem, although the incorrect data may be stored in the caches of visitors for up to four days. To prevent visitors from seeing errors, GlobalSign has generated replacement intermediate certificates. By replacing the intermediate certificates on the web server, the problem will be resolved instantly.

As an alternative solution, clients can also get a replacement certificate from Comodo free of charge. This certificate can be used as a temporary or a permanent solution.

Naturally, you can always contact us if you have any further questions about this issue.

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues