Discussion
dmitrygr: So what? They keep shortening the validity length of these certificates, making them more and more of a pain to deal with.
gslepak: Using old compromised certificates is a legitimate MITM attack vector.
petcat: Is there anything inherently insecure about an expired cert other than your browser just complaining about it?
zeroxfe: Expiries are a defence-in-depth that exist primarily for crypt hygiene, for example to protect from compromised keys. If the private key material is well protected, the risk is very low.However, an org (particularaly a .mil) not renewing its TLS certs screams of extreme incompetence (which is exactly what expiries are meant to protect you from.)
mr_mitm: No, but it reflects poorly on the maintainer. Plus, any browser complaint contributes to error fatigue. Users shouldn't just ignore these, and we shouldn't encourage them to ignore them just because we fail at securing our websites.
m348e912: Not inherently, but it can introduce risk. Such as a bad actor using an old expired certificate it was able to acquire to play man-in-the-middle. But if that is happening you have bigger problems.
hhh: because you need to automate it
dmitrygr: Which is yet another chore. And it doesn’t add any security. A certificate expired yesterday proves I am who I am just as much as it did yesterday. As long as the validity length is shorter than how long it would take somebody to work out the private key from the public key, it is fine.
danesparza: An expired cert is a smell. It shows somebody isn't paying attention.
Manfred: To prevent abuse, for example to prevent an old owner of domain to have a valid certificate for the domain indefinitely after transfer.
dpoloncsak: Isn't that why certificates expire, and the expiry window is getting shorter and shorter? To keep up with the length of time it takes someone to crack a private key?
fidotron: On the one side all the users will need to prove their ID to access websites, and on the website side the site will have to ask permission to continue operating at ever increasing frequency.That is the future we have walked into.
Spooky23: [delayed]
bombcar: Shortening certificate periods is just their way of admitting that certification revocation lists are absolutely worthless.
PilotJeff: Can you live without your immune system? Sure, for a little while.
sciencejerk: Yes. Visitors to the site are vulnerable to Man in the Middle (MitM) attacks, IF they click past the warning (which many people do)
LadyCailin: That’s not true. The encryption still works as well as it did 3 days ago, and doesn’t care if the certificate is expired.
UqWBcuFx6NV4r: “No, but it reflects badly because it’s an error, and because it’s an error it contributes to error fatigue, which is bad” is a very verbose way to say that you don’t have an answer.
macintux: Your comment history reflects a persistent approach: insulting the person you're replying to.Please reflect on the site guidelines. https://news.ycombinator.com/newsguidelines.html
dmitrygr: Which would make sense if they were valid for 10 years and somebody forgot about them. Not when they’re valid for, what is it now, 40 days?
smashed: An official government source is teaching users to ignore security warnings about expired certificates.Mistakes happen, some automation failed and the certs did not renew on time, whatever. Does not inspire confidence but we all know it happens.But then to just instruct users to click through the warning is very poor judgement on top of poor execution.
shagie: It's also a "how much exposure do people have if the private key is compromised?"Yes, its to make it so that a dedicated effort to break the key has it rotated before someone can impersonate it... its also a question of how big is the historical data window that an attacker has i̶f̶ when someone cracks the key?
SAI_Peregrinus: And in turn making revocation less & less of a pain. Since that was more of the pain, overall it's getting easier.
dmitrygr: It did until it got so short that it created a new potential attack surface — the scripts everyone is using to auto update them.
organsnyder: Compared to the manual processes these scripts replaced, I'd put more trust in the automations.
tuwtuwtuwtuw: > Users on civilian network can continue downloads through the Advance tab in the error message.Good stuff.
whalesalad: "We have sent you a OTP code of 459-312 please check your device and enter this code below"
dmitrygr: No. The sister comment gave the correct answer. It is because nobody checks revocation lists. I promise you there’s nobody out there who can factor a private key out of your certificate in 10, 40, 1000, or even 10,000 days.
dpoloncsak: I thought I remembered someone breaking one recently, but (unless I've found a different recent arxiv page) seems like it was done using keys that share a common prime factor. Oops!Fwiw: https://arxiv.org/abs/2512.22720
ddtaylor: MITM
LeifCarrotson: It's true that the expiration doesn't mean the encryption no longer works, but if the user is under a MITM attack and is presented by their browser with a warning that the certificate is invalid, then the encryption will still work but the encrypted communication will be happening with the wrong party.I don't trust the average user to inspect the certificate and understand the reason for the browser's rejection.
amluto: This is kind of amazing. I'm suspicious that the site operator has absolutely no idea what they're doing.> DoD Cyber Exchange site is undergoing a TSSL Certification renewalI'm imagining someone searching around for a consulting or testing company that will help them get a personal TSSL Certification, whatever that is (a quick search suggests that it does not exist, as one would expect). And perhaps they have no idea what TLS is or how any modern WebPKI works, which is extra amazing, since cyber.mil is apparently a government PKI provider (see the top bar).Of course, the DoD realized that their whole web certificate system was incompatible with ordinary browsers and they wrote a memo (which you have to click past the certificate error to read):https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/pdf/uncl...saying that, through February 2024, unclassified DoD sites are permitted to use ordinary commercial CAs.If the DoD were remotely competent at this sort of thing, they would (a) have CAA records (because their written policy does nothing whatsoever to tell the CA/B-compliant CAs of the world not to issue .mil certificates, (b) run their own intermediate CA that had a signature from a root CA (or was even a root CA itself), and (c) use automatically-renewed short-lived certificates for the actual websites.cyber.mil currently uses IdenTrust, which claims to be DoD approved. They also, ahem, claim to support ACME:> In support of the broader CA community, IdenTrust—through HID and the acquisition of ZeroSSL—actively contributes to the development and maintenance of major open-source ACME clients, including Caddy Server and ACME.sh. These efforts help promote accessibility, interoperability, and automation in certificate management.Err... does that mean that they actually support ACME on their DoD-approved certificates or does that mean that they bought some companies that participate in the ACME ecosystem? (ACME is not amazing except in contrast to what came before and as an exercise in getting something reasonable deployed in a very stodgy ecosystem, but ACME plus a well-designed DNS-01 implementation plus CAA can be very secure.)The offending certificate is: Certificate: Data: Version: 3 (0x2) Serial Number: 40:01:95:b4:87:b3:a3:a9:12:e0:d7:21:f8:b3:91:61 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=IdenTrust, OU=TrustID Server, CN=TrustID Server CA O1 Validity Not Before: Mar 20 17:09:07 2025 GMT Not After : Mar 20 17:08:07 2026 GMT Subject: C=US, ST=Maryland, L=Fort Meade, O=DEFENSE INFORMATION SYSTEMS AGENCY, CN=public.cyber.mil At least the site uses TLS 1.3.
lynndotpy: I'm not actually sure if browsers validate expired certificates. I couldn't find out if an invalid cert authority and an invalid date would look different than just the error for an invalid date. Educated guess says so, but that's just a guess.The biggest concern is you'd hope the DoD (/DoW) is on top of their stuff, especially the DISA. This is a sign they are not. This is something that should never happen.But then, there's this message:> DoD Cyber Exchange site is undergoing a TSSL Certification renewal resulting in download issues for some users. Users on civilian network can continue downloads through the Advance tab in the error message.Uh oh!!! This is concerning because (1) "Ignore SSL errors" is something you should never be telling users to do and (2) this is extra concerning because whoever wrote this does not seem to have a grasp on the English language:- "TSSL Certification renewal" should be TLS/SSL Certificate renewal. (Caveat: Defense is full of arcane internal acronyms and TSSL could just be one of them.)- "Users on civilian network" should be "Users on civilian networks", or "Users on a civilian network".- "Advance tab" should be "Advance button".So, we have three glaring red flags. Expired certs, telling users to ignore cert warnings, and various spelling and grammar mistakes.People are citing the short 40-day certificate renewal window, but that's not the problem here. It's not a case of administration transition either. This cert was issued 2025-Mar-20 and was valid for 1 year. But IdenTrust DoD certs can't be renewed after they expire, so that might be why this is so broken.In the most generous interpretation, the once-responsible party was cut with the huge DOGE cuts back in May 2025, and this failure of web administration is just one visible sign of the internal disarray you'd expect with losing 10% of your workforce.
dmitrygr: This was the predictable outcome of shortening certificate length validity to appoint where they are now.
lynndotpy: No, because that's not what happened here.The certificate they failed to renew was issued 2025-Mar-20th, and expired 2026-Mar-20th. That is a 365 day cert.The maximum length for a new cert is now 200 days, with the 47 day window coming in three years: https://www.digicert.com/blog/tls-certificate-lifetimes-will...
jp191919: >screams of extreme incompetenceNot unheard of with the military
cozzyd: Precision lethality, not certificate renewality.
russell_h: I think the argument would go that if people are clicking through certificate errors and you're in a position to MITM their traffic, you can just serve them a different certificate and they'll click through the error without noticing or understanding the specifics.
sciencejerk: Fair point, but I think the situation is a bit more complicated when a user "needs the site for work", or something urgent. You might have smart cautious users that feel like they have no choice but to proceed and click through the warnings since the site is most likely still legitimate
nightpool: No, they're not useless at all. The point of shortening certificate periods is that companies complain when they have to put customers on revocation lists, because their customers need ~2 years to update a certificate. If CRLs were useless, nobody would complain about being put on them. If you follow the revocation tickets in ca-compliance bugzilla, this is the norm—not the exception. Nobody wants to revoke certificates because it will break all of their customers. Shortening the validity period means that CAs and users are more prepared for revocation events.
pas: ... what are the revocation tickets about then? how is it even a question whether to put a cert on the CRL? either the customer wants to or the key has been compromised? (in which case the customer should also want to have it revoked ASAP, no?)can you elaborate on this a bit? thank you!
hamdingers: This is an infohazard. True information that can cause harm or enable some agent to cause harm.Telling people not to worry about expired cert warnings makes them vulnerable to a variety of attacks.
umanwizard: Okay, but that’s not what was being asked. OP, someone who presumably understands the difference between a totally invalid cert and an expired one, was asking specifically whether clicking through the latter is dangerous.
BigTTYGothGF: > If the DoD were remotely competent at this sort of thingThat's probably one of the things they were forced to contract out.
jeroenhd: For some reason the warning icon is huge on my phone.Someone please verify that the exclamation point inside of the warning icon has always been gold and that this website's design hasn't fallen victim to Trump's dragon-like gold hoarding obsession.
