All You Need Is An Expired SSL Certificate To Bring Down Windows Azure

All You Need Is An Expired SSL Certificate To Bring Down Windows Azure

You could, just once, excuse a small business for forgetting to renew the SSL certificate for its website. The same, however, cannot be said for Microsoft. It looks like someone over at Redmond failed to renew the credentials for Windows Azure, the company’s cloud storage service.

Going by this post on Microsoft’s developer forums, the SSL certificate for Windows Azure expired on February 22, which by my reckoning, was yesterday.

In simple terms, an SSL certificate gives a client (your web browser, say) a way to authenticate the identity of an online service so secured communications can be conducted. Certificates are issued by recognised authorities, such as GoDaddy and VeriSign.

At the time of writing, visiting the service dashboard for Azure presents you the lovely image above, complete with magenta-encased crosses. It also includes the following message in red:

Storage is currently experiencing a Worldwide outage impacting HTTPS operations (SSL traffic). Status of affected services will be updated in the table below. We have identified the root cause and are validating the recovery options before implementing them. Further updates will be published to keep you apprised of the situation. We apologize for any inconvenience this causes our customers.

The situation is embarrassing, sure, but it’s not a complete disaster. It appears access can still be obtained via non-secured (HTTP) channels, but any company worth its salt is not going to send sensitive data over the internet unless it’s via TLS/SSL.

The previously-mentioned thread is already filling with workarounds and solutions, though these can only be implemented by developers, not users.

[Windows Azure Service Dashboard, via ZDNet]