Expired Digital Certificate Causes Gmail Disruption Over The Weekend
Google’s popular Gmail service had a temporary interruption on Saturday.
PC World is reporting that the digital certificate Gmail uses expired, causing many third-party email clients, such as Microsoft Outlook and OS X Mail, to temporarily lose service.
People sending email through Gmail from third-party clients repeatedly received certificate errors for smtp.gmail.com.
It turns out, however, that it wasn’t Gmail’s SMTP (Simple Mail Transfer Protocol) certificate that was at issue, but rather the certificate of Google’s Internet Certificate Authority G2, a Google-operated intermediate certificate authority.
The issue with Gmail arose because a client validates a chain of digital certificates, and every certificate in that chain must be kept current. Google made the mistake of letting the certificate of Authority G2, its in-house certificate issuer, expire, which caused the outage even though all of the other certificates were current. When the third-party email clients tried to verify the SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificate path, the expired G2 certificate caused the verification to fail.
Google issued a message to its users, stating Google was “aware of a problem with Gmail affecting a majority of users” and apologized “for the inconvenience and thank you for your patience and continued support.”
The issue ended up affecting most of the estimated 500 million Gmail users worldwide. Google said it took about two and a half hours to correct the situation. The new Gmail certificate is now valid until December 31, 2016.
Expired digital certificates are becoming a growing problem. In February of 2013, an expired certificate caused a global shutdown of Microsoft’s Azure cloud-computing service. Once the digital certificate was validated, service returned to normal.
Venture Beat is reporting that the Gmail G2 digital certificate originated from GeoTrust Global CA, which is responsible for maintaining the validity of the certificates in that chain, along with Google.
Part of the issue seems to have stemmed from a problem Gmail had with the China Internet Network Information Center (CNNIC). Google began refusing digital certificates issued by CNNIC because CNNIC suffered a security lapse and could no longer be trusted. The CNNIC calls that “unacceptable and unintelligible.”
Newsfactor is reporting that Google’s Apps Status Dashboard issued a warning at approximately 1:21 p.m. EST by way of a service icon announcing Gmail was temporarily down. A second notice was posted at 2 p.m. EST saying the issue with Gmail would soon be rectified. At 3:46 p.m. EST, Google released a notice saying the issue had been resolved and thanked Gmail’s clients for their patience.