SSL certificates are used to validate the identity of a website to users. Over the weekend, it was found that DigiNotar, a Dutch Certificate Authority, had issued a rogue SSL certificate for *.google.com. Today, this was confirmed by DigiNotar in a press release.
According to DigiNotar’s own investigation, they found out that they were compromised on July 19, 2011, and that several rogue SSL certificates had been issued, including the one for *.google.com. All the other ones were revoked, but for some reason, DigiNotar missed revoking the one issued for Google’s domain. Why is this important? With a rogue certificate issued by a trusted CA, it’s possible to carry out Man-in-the-Middle attacks and listen in on any traffic going to Google’s services, such as Google Mail, Google Docs, Google Plus, and Google Apps, without any visible warnings to users.
If you have SSL Inspection enabled in Websense Web Security Gateway (Anywhere) solutions and have the Certificate Validation Engine enabled, you will already have the revoked certificates downloaded and installed.
- Open up the Administration UI for Websense Content Gateway (https://126.96.36.199:8081 by default)
- Go to Configure -> SSL -> Certificates
- Scroll down and select DigiNotar Root CA and “Click to change status to Deny”