Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government The Internet Technology

Government Shutdown: TLS Certificates Not Renewed, Many Websites Are Down (zdnet.com) 1044

More than 80 TLS certificates used by US government websites have expired so far without being renewed, leaving some websites inaccessible to the public. From a report: NASA, the US Department of Justice, and the Court of Appeals are just some of the US government agencies currently impacted, according to Netcraft. The blame falls on the current US federal government shutdown caused by US President Donald Trump's refusal to sign any 2019 government budget bill that doesn't contain funding for a Mexico border wall he promised during his election campaign. This has resulted in hundreds of thousands of government workers being furloughed across all government agencies, including staff handling IT support and cybersecurity. As a result, government websites are dropping like flies, with no one being on hand to renew TLS certificates.
This discussion has been archived. No new comments can be posted.

Government Shutdown: TLS Certificates Not Renewed, Many Websites Are Down

Comments Filter:
  • Often it seems that one of Trump's top motivations is to piss on the democrats, without concern for what it does to anyone who is not a hard core supporter of his. If we could get someone on Fox & Friends to say that the most dramatic thing he could do to piss off the democrats at this point would be to resign - leaving Pence in charge - he just might do it. Pence is not a great guy either but he's at least reasonably intelligent and honest enough to not stare into a camera and lie his ass off (yet). Just tell trump about the sweetheart deal Nixon got when he resigned and Trump might go for it. Hell if he goes out willingly he could still get lifetime secret service protection for him and his family for the rest of all their lives, saving him many millions of dollars.
    • by Joce640k ( 829181 ) on Friday January 11, 2019 @10:07AM (#57943634) Homepage

      If they pay for his wall because he has a tantrum, what's next?

      He'll be shutting down the government for every last little thing until he gets his way.

      There's no way anybody should give way on this (except The Donald, obviously).

      PS: Wasn't Mexico going to pay for this?

      • by raymorris ( 2726007 ) on Friday January 11, 2019 @10:34AM (#57943910) Journal

        Clinton, Obama, Schumer and Pelosi all voted for a wall before Trump made actually getting it done a major campaign promise. Millions of people entering illegally, and often getting injured, assaulted, or even killed during the trek, was a "crisis" that needed to be solved, until Trump decided to actually solve it. The funding was "urgently needed", these Democrats said on national TV, until Trump would "get credit" for having done it.

        "Illegal Immigration is wrong, plain and simple. Until the American people are convinced we will stop future flows of illegal immigration, we will make no progress." Sen. Chuck Schumer

          "We simply cannot allow people to pour into the United States undetected, undocumented and unchecked." - Barak Obama
        Less than a year later, Obama and 25 other Senate Democrats voted for the Secure Fence Act, the 2006 legislation that authorized the construction of 700 miles of barriers along the southern border.

        "[we must] spend money to build a barrier to try to prevent illegal immigrants from coming in. ... I do think you have to control your borders." - Hillary Clinton

        How about the Dems allow the government to do what they themselves have said is "urgently needed" rather than obstructing it because they don't want the orange idiot to get the credit for it?

        • context matter (Score:5, Insightful)

          by Anonymous Coward on Friday January 11, 2019 @11:28AM (#57944398)
          Those were not about walls along the whole fucking shebang southern border, but rather small portion, and about sensible policies. You know, like the one republican hate more than dems : fining hugely and financially crushing people hiring illegals. But wait, can't do that, most of those are rich folk voting republican AND donating money. Yet this crack down on the people hiring illegals is what WORK.
        • by greythax ( 880837 ) on Friday January 11, 2019 @11:38AM (#57944488)

          Could have something to do with the fact that the fence they are asking for is $361 PER INCH (generously, including the 150 miles of fence that is already built) and would only cover 11% of the border? Doesn't sound worth shutting down the government to me.

  • fake news (Score:2, Interesting)

    by Anonymous Coward

    One appears to be a test domain, one expired before the shutdown and the third does not resolve publicly and the article says the org was not affected by the shutdown.

  • Let's Encrypt (Score:5, Insightful)

    by Meneth ( 872868 ) on Friday January 11, 2019 @09:52AM (#57943484)
    If they set up Let's Encrypt properly, they can have automatic renewing of their certificates.
    • Re:Let's Encrypt (Score:5, Insightful)

      by Nkwe ( 604125 ) on Friday January 11, 2019 @11:46AM (#57944552)
      Putting a certificate on a website does two main things: 1) Allows the traffic to be encrypted, and 2) Provides assurance to people using the website that the website is genuine. Let's Encrypt only does the first thing - allows encryption. Let's Encrypt provides no real assurance that the website is what it claims to be. For many websites the encryption use case is sufficient, and using Let's Encrypt makes all kinds of sense both practically and economically. If you are a bank, the social security administration, a retail site that takes credit card numbers, or any site that your users may provide you with sensitive data, you really want to purchase a certificate from an authority that provides a higher level of identity assurance than does Let's Encrypt.
  • by Murdoch5 ( 1563847 ) on Friday January 11, 2019 @10:06AM (#57943612) Homepage
    There's no reason this isn't automated, run a CRON job every 30 days that refreshes the TLS certs and move on with your day.
  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Friday January 11, 2019 @10:08AM (#57943642)
    Comment removed based on user account deletion
    • by close_wait ( 697035 ) on Friday January 11, 2019 @10:15AM (#57943712)
      Oh, you mean that core election promise that Mexico would pay for the wall with a one-off payment. Looks like the Dems (and the GOP before Jan) are just holding him to that promise.
  • by Anonymous Coward on Friday January 11, 2019 @10:19AM (#57943752)

    The blame falls on the current US federal government shutdown caused by US President Donald Trump's refusal to sign any 2019 government budget bill that doesn't contain funding for a Mexico border wall he promised during his election campaign.

    What he says he would or wouldn't sign is 100% irrelevant, because 1) he's a liar so nothing he says is ever relevant and 2) the Senate hasn't voted on the budget yet, so there's no budget for the president to sign.

    This problem is caused by senators who are too pussy to pass a bill that the president doesn't like. Think about that. This is the pussiest president we've had since .. Wilson!?!?! And the Republican dominated senate is too pussy to stand up to him. Those senators need to go. Start with voting McConnell out as majority leader.

  • by will_die ( 586523 ) on Friday January 11, 2019 @10:25AM (#57943816) Homepage
    If your certs are about to expire(30-60 days out) and you are not planning for it, especially when they will be failing around the end of the year with Christmas and new years, that is just an example of you being a poor system administrator.
  • by Comboman ( 895500 ) on Friday January 11, 2019 @10:40AM (#57943974)

    NASA, the US Department of Justice, and the Court of Appeals are just some of the US government agencies currently impacted, according to Netcraft.

    US government is dead. Netcraft confirms it.

  • Poor IT practices? (Score:5, Insightful)

    by egriebel ( 177065 ) * <edgriebel@gmaOPENBSDil.com minus bsd> on Friday January 11, 2019 @10:45AM (#57944038) Journal
    I know that this being /. that people like to bash Trump at every opportunity (even when unwarranted), but isn't this problem one of crappy cert management? Waiting until the very last minute before renewing a cert isn't a Best Practice. It's not like your wasting money by renewing a cert early.
    • The shutdown is happening because those parts of the government are not allowed to spend money. The last budget ended September 30th. They can't spend the money on a new cert until they get a new budget.

  • TLS anyone? (Score:4, Informative)

    by bill.pev ( 978836 ) on Friday January 11, 2019 @04:29PM (#57946626)
    Am I the only person that finds it oddly predictable that, in response to a story about TLS, almost every single comment is a biased (one way or the other) comment about "the Wall" or the Donald or the Problem with America Today.

    Cert expiration is a problem mostly because certificates cannot be renewed. They must be replaced, and as close to expiration as possible. If only there were a way to push the expiration out.. maybe by having a replacement cert, or a see-next-instance logic.

    This way, certs could be renewed before they expire, just as Domain names are. And yes, I understand the technical limitations making this a necessary evil today. But it is a problem for government users now, and is a problem in many other like cases. For instance, when a cert expires over a weekend. Who hasn't got the call at 5 am when this happened?

    As for the wall... I'll comment when its relevent.

"Our vision is to speed up time, eventually eliminating it." -- Alex Schure

Working...