Security News > 2024 > July > More than 83K certs from nearly 7K DigiCert customers must be swapped out now

As the DigiCert drama continues, we now have a better idea of the size and scope of the problem - with the organization's infosec boss admitting the SSL/TLS certificate revocation sweep will affect tens of thousands of its customers, some of which have warned that the short notice may have real-world safety implications and disrupt critical services.

A brief refresher on what happened: On July 29, the certificate authority said at least some customers had just 24 hours to replace their previously issued security certificates due to a five-year-old programming flaw in its systems.

"While we have deployed automation with several willing customers, the reality is that many large organizations cannot reissue and deploy new certificates everywhere in time."

Customers needing more time were encouraged to email the company by July 31, no later than 1930 UTC, with a detailed explanation of the circumstances necessitating a delay in the certificate renewal and revocation process.

Even if a delay is approved, "All certificates affected by this incident, regardless of circumstances, will be revoked no later than Saturday, August 3, 2024, at 1930 UTC," the notice said.

Not every one of these certificate updates can be done Not every certificate update can be automated, and not every organization can manually replace their certificates within 24 hours.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/31/digicert_certificates_extension/