Menu
Expired Google certificate temporarily disrupts Gmail service

Expired Google certificate temporarily disrupts Gmail service

Google let a certificate linked to the Gmail SMTP server expire, causing issues for third-party email clients

Google forgot to renew one of its TLS certificates, leading to service disruption Saturday for people using Gmail through third-party email clients.

The problem was fixed in a matter of hours, but should serve as a reminder to online service operators that keeping track of digital certificate expiration dates is important and should be planned for in advance.

Some users reported Saturday on Twitter and other sites that email clients like Microsoft Outlook and OS X Mail were displaying certificate errors when trying to send email messages through smtp.gmail.com.

It seems that it wasn't the SMTP (Simple Mail Transfer Protocol) server's certificate that expired, but one higher up in the chain that corresponded to Google Internet Certificate Authority G2 -- an intermediate certificate authority operated by Google.

When SSL/TLS certificates are validated by software applications, all certificates they link back to need to be valid as well. In this case the certificate for smtp.gmail.com had been issued by Google Internet Authority G2, which had in turn been issued by GeoTrust Global CA.

According to the Gmail status page, it took Google around two and a half hours to fix the problem, which affected "a majority of users." The certificate was renewed and is now set to expire on Dec. 31, 2016.

While operators of large online services typically monitor their certificates closely, similar expiration incidents have occurred before and when they do, they can have serious consequences.

In February 2013, an expired certificate issue disrupted the Microsoft Azure service worldwide for around a day. Since Azure is a cloud computing platform, many third-party services relying on it were affected as well.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags online safetyGoogleMicrosoftsecurityencryptiondata protectionpki

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments