SSL expiry can cause serious damage to your product, your brand and the bottom line
Many people ask us, why is the expiry of SSL a big deal? Who cares if they have an invalid certificate on my website? Okay, one for Google. This line of thinking, however, misses the point. An SSL certificate provides some security for visitors to your websites, and also for your own employees, but it also has added benefits.
It also says something about you and your company when you can’t bother to have built an up-to – date SSL certificate. Today we’ll talk about why SSL certificates expire and then give you 5 ways to hurt your business if you have an expired SSL certificate.
SSL Expiration – An Explanation
Most people are wondering why SSL Certificates are expiring. This isn’t some sort of scam, they inquire. No, there are two very important reasons why SSL certificates need to expire. The first has to do with the validation aspect of the certificates. The Certificate Authorities that issue these SSL certificates need to occasionally check in make sure the domain is still under the same ownership and, if necessary, if anything has changed about the company.
It’s really no different than renewing a driver’s license in that respect.
Then there is the technical reason, when the licenses expire quicker, it’s easier to push out improvements across the industry. We modified hashing algorithms from SHA-1 to SHA-2 for example a few years. When SSL certificates never expired you would have vast swaths of the population that have never been updated. Even with longer periods of validity, there are challenges here. Max validity under the old rules was 39 months, which meant you had to wait up to 39 months for some certificates to expire before the sunset was complete.
Tls is required to expire. Yet you can’t let that impact your business negatively. Here are 5 ways that an expired SSL certificate could damage your company.
1.) It hurts your traffic
While Google and the other browser vendors may have just started to penalize websites that are not served via HTTPS, they have been maligning sites with expired certificates for years. When a client arrives on a website with an expired SSL certificate, a full-page warning is issued that the upcoming website has an expired certificate, is not secure or can not link securely. No one clicks through these alerts, no matter what the verbiage is. And this will cratere your flow.
2.) You’ll be damaging the brand
If people who have previously been able to use your website are no longer able to access it because you are allowing something to expire at your end, they will not like it. The internet doesn’t bring out the best nature of the people and the reputation of the business can take a big hit really quickly. It speaks volumes not both of you could renew your own SSL certificate. And it also suggests you are not taking security seriously, either.
3.) It’ll damage the bottom line
With your logo destroyed and your platform unattainable, the bottom line would dip. You better hope you’ve got profits offline because your ecommerce sales are about to bottom out. Even if people click through the browser alerts and don’t care about what the expiry consequences of your brand imply, they probably won’t like the fact that you can’t securely link to take their financial information and complete some transactions. In fact, it would be unethical for you to try to transact, knowing that all data would be transmitted in plaintext which is easily interceptable.
4.) They’ll hack your customers
Suppose someone clicks through the browser alerts, doesn’t hold it against your brand and actually wants to complete a transaction with you via HTTP — they’re likely to get hacked out. Since your certificate has expired, your website will be a hot target for hackers, cyber criminals and any other variety of ne’er-do-wells technologies. They’ll be able to eavesdrop on all of your communications and steal any financial details or login details that come their way.
5.) You ‘re going to die in the streets
With your traffic cratered, brand destroyed, profits bottomed out and consumers hacked, at best soldiers in your company on and shoot you for incompetence, at worst the whole enterprise is kaput. You are out of work anyway. This news turns out to be the last straw for your marriage too. She was still depressed and now you’re going to be more home with this and deal with your own stuff and it’s just too much for her — you’re not the same guy she fell in love. Her exit throws you into dire financial straits, because it will already be a challenge for you to continue living your lifestyle without a joint income and now that you are unemployed and the money alone is going even faster. You sold off most of your possessions within weeks, and you stay in your house. Perhaps you’ll also sell it and move in under an overpass with a surly Vietnam veteran. Your immune system is shot after about a decade of sleeping rough and a bout of Spring flu eventually ends your suffering on a bus stop bench a few blocks from the office you were working at when you let your SSL certificate expire.