Payment website sees certificates expire; customers upset

Payment website sees certificates expire; customers upset

While using Thawte SSL certificates or other brands of the keys is a great thing for businesses to do to help keep the business and customers safe, one company found out the hard way that not correctly managing these certificates can come back to bite them. While there were no breaches, The Register reports that users Sage Pay, a payment service, visited the website to find themselves with an error saying the website could not be trusted.

"Looks like someone forgot to renew the site's SSL certificate, which expired at 12:59 a.m. this morning," the news source said, adding that the company initially said the message was an error, but that was later found to be false and a spokesperson said they were working on correcting the administrative error. "It comes less than 48 hours after Sage Pay suffered an intermittent day-long outage that prevented payments being processed on the network."

Sage Pay told the Register that the mistake was due to someone outside of the company and was an administrative error. The spokesperson for the company told the news source that the issue was "minor" and had no impact on its customers, adding that they were working with the hosting company to fix the expired certificate.

TweakServers said expired or rogue SL certificates in an network could have some big repercussions for a company, as it takes just one of these bad certificates to expose a business to the wild world of online crime and hackers. Having an expired certificate also exposes customers to cybercrime and malware, something no business wants to be associated with.

Companies using Thawte or GeoTrust SSL certificates should be sure to manage the keys well, as letting a certificate expire could end up harming the company's reputation with customers or exposing them and the company to dangerous malware.