Expired Google certificate temporarily disrupts Gmail service
- 06 April, 2015 17:15
Google forgot to renew one of its TLS certificates, leading to service disruption Saturday for people using Gmail through third-party email clients.
The problem was fixed in a matter of hours, but should serve as a reminder to online service operators that keeping track of digital certificate expiration dates is important and should be planned for in advance.
Some users reported Saturday on Twitter and other sites that email clients like Microsoft Outlook and OS X Mail were displaying certificate errors when trying to send email messages through smtp.gmail.com.
It seems that it wasn't the SMTP (Simple Mail Transfer Protocol) server's certificate that expired, but one higher up in the chain that corresponded to Google Internet Certificate Authority G2 -- an intermediate certificate authority operated by Google.
When SSL/TLS certificates are validated by software applications, all certificates they link back to need to be valid as well. In this case the certificate for smtp.gmail.com had been issued by Google Internet Authority G2, which had in turn been issued by GeoTrust Global CA.
According to the Gmail status page, it took Google around two and a half hours to fix the problem, which affected "a majority of users." The certificate was renewed and is now set to expire on Dec. 31, 2016.
While operators of large online services typically monitor their certificates closely, similar expiration incidents have occurred before and when they do, they can have serious consequences.
In February 2013, an expired certificate issue disrupted the Microsoft Azure service worldwide for around a day. Since Azure is a cloud computing platform, many third-party services relying on it were affected as well.