Cyber.mil serving file downloads using TLS certificate which expired 3 days ago

https://www.cyber.mil/stigs/downloads

So what? They keep shortening the validity length of these certificates, making them more and more of a pain to deal with.
Using old compromised certificates is a legitimate MITM attack vector.
Which would make sense if they were valid for 10 years and somebody forgot about them. Not when they’re valid for, what is it now, 40 days?

An official government source is teaching users to ignore security warnings about expired certificates.

Mistakes happen, some automation failed and the certs did not renew on time, whatever. Does not inspire confidence but we all know it happens.

But then to just instruct users to click through the warning is very poor judgement on top of poor execution.

This was the predictable outcome of shortening certificate length validity to a point where they are now.