Microsoft delays security certificate renewal once more

Microsoft delays security certificate renewal once more



Microsoft is currently facing issues with expired TLS certificates, leading to security warnings for users. A reader from Australia pointed out the problem with cdn.uci.officeapps.live.com, a Microsoft 365 and Office Online endpoint. The TLS certificate for this address expired on June 27, 2024, causing security warnings when using Microsoft Office.

TLS certificates are crucial for securing internet connections by encrypting data. The expired certificate at cdn.uci.officeapps.live.com has caused headaches for administrators and users encountering security bugs. Additionally, the Microsoft Azure ECC TLS Issuing CA 01 certificate has also expired, potentially causing issues with certificates issued by the service.

This is not the first time Microsoft has faced expiration issues. In 2022, it forgot to renew a certificate for its Windows Insider subdomain web page, leading to security warnings for testers. Microsoft has been approached for comment, and updates will be provided if they respond. The company previously announced plans to address URL proliferation with a transition to the cloud.microsoft domain.

The reader noted that expiration issues have occurred in the past, questioning why expiration dates for critical systems like website security certificates aren’t managed in a more organized manner. Microsoft Copilot recommends monitoring expiration dates and renewing certificates promptly to avoid service interruptions and maintain security.

It is essential for organizations to stay vigilant and keep certificates up to date to prevent security risks and maintain customer relationships. Expired certificates can lead to unencrypted connections, affecting an organization’s reputation. Stay proactive in managing TLS certificates to ensure smooth operations and secure connections.

Article Source
https://www.theregister.com/AMP/2024/06/28/microsoft_security_certificate_expires/