GoDaddy SSL Certificate Develops Security Issue

Certificate Authority GoDaddy

Certificate Authority GoDaddy happened to discover that a code bug that had occurred during a service upgrade had caused a security issue. This discovery had made GoDaddy revoke and reissue as many as 9,000 SSL certificates that it had issued since July 29, 2016.

Last July GoDaddy had changed its validation code and the result was that some servers that were configured in a special way could bypass GoDaddy’s authentication process. This authentication process, as we know, is needed to deliver an SSL certificate.

Wayne Thayer, the General Manager of Security Products at GoDaddy, has said in a blog post dated January 10, 2017- “On Friday, Jan. 6, we learned about a bug that impacted our SSL certification validation process. The bug was introduced on July 29, 2016, and impacted less than 2 percent of the certificates issued from July 29, 2016, to Jan. 10, 2017. It affected approximately 6,100 customers.” He adds that the issue has been fixed. Says Wayne Thayer in the blog- “The software bug that created the issue has been remedied. We continue to closely monitor the system. We will revoke these certificates at 9 p.m. (PST) Jan. 10, 2017. We are actively working with our customers to reissue their SSL certificates.”

The blog post also offers instructions to those customers who have been affected. Says Wayne Thayer in the post- “For customers who were impacted, we have already submitted a new certificate request on your behalf at no additional cost. You simply need to log in to your GoDaddy account; once there, go to your SSL Panel and initiate the certificate process…This process will be identical to the process you followed when your previous certificates were issued. The SSL Panel provides information and instructions that should allow you to easily process the certificate online. The time it takes for a new certificate to the issue will vary depending on each customer’s circumstances, but please know we are working diligently to get all new certificates issued as quickly as possible.”