IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft Exchange admin portal taken offline due to expired certificate

This isn't the first time an expired SSL/TLS cert has downed a service

Microsoft's Exchange administration portal was offline over the weekend after the company failed to renew an expired SSL/TLS certificate.

Bleeping Computer reported that Exchange administrators were unable to access the site on Sunday morning. They encountered an error page explaining that their connection was not private. At the time, Qualys Labs reported the certificate associated with the site expired at 8 am Eastern Time on Sunday, but Microsoft has since fixed the problem.

Twitter user Tzatl tweeted at the company on Sunday, asking: "Did you guys really forget to renew a certificate?" Microsoft responded that it had isolated the problem and was applying a fix, referring users to entry EX257883 under its service health dashboard.

The issue provoked some teasing from users on Twitter. "Someone done goofed," replied one user, along with a picture of the untrusted certificate report from Digicert Cloud Services.

This isn't the first time a large technology company has downed a service by forgetting to renew a certificate. 

Last month, Epic Games accidentally allowed a certificate used across many of its internal-facing services to expire. That took account logins offline for many of its most popular games, including Fortnite.

Related Resource

Enabling operational resiliency with Veritas

Boost your DX goals with data and infrastructure insights

A cityscape background against the water - Enabling operational resilience with VeritasWatch now

In February, Google Voice went offline temporarily after a certificate went out of date. In November, GitHub's home page went down after a certificate responsible for accessing information from a content distribution network expired. Last August, Spotify let a TLS certificate lapse, leaving users without music.

Secure Socket Layer (SSL) has evolved into its successor, Transport Layer Security (TLS). Both are cryptographic protocols that provide secure connections between two endpoints. An SSL/TLS certificate enables a website to prove its identity with a trusted third-party certificate authority (CA).

Certificate management is likely to become more problematic following a change to certificate longevity last September. Apple, Google, and Mozilla all imposed a maximum 398-day lifetime on certificates from September 1, 2020 in a bid to limit the time a site can use a compromised certificate. This continues a trend of shortening certificate lifespans, which stood at 60 months in 2012, 39 months in 2015, and 27 months in 2018. 

In its 2021 State of Machine Identity Management Report, Keyfactor found that 88% of companies had experienced at least one unplanned certificate outage in the prior two years.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Microsoft reportedly blocks Russian Windows 10 and Windows 11 downloads
Microsoft Windows

Microsoft reportedly blocks Russian Windows 10 and Windows 11 downloads

20 Jun 2022
IT Pro News in Review: UK tech raises $16bn, Microsoft acquires Miburo, largest DDoS attack mitigated
Business strategy

IT Pro News in Review: UK tech raises $16bn, Microsoft acquires Miburo, largest DDoS attack mitigated

17 Jun 2022
Proofpoint details 'dangerous' ransomware flaw in SharePoint and OneDrive
ransomware

Proofpoint details 'dangerous' ransomware flaw in SharePoint and OneDrive

17 Jun 2022
Microsoft silent patches called “a grossly irresponsible policy”
cyber security

Microsoft silent patches called “a grossly irresponsible policy”

15 Jun 2022

Most Popular

FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Internet providers look to ease cost of living crisis with cheaper broadband
broadband

Internet providers look to ease cost of living crisis with cheaper broadband

29 Jun 2022