Backdating certificates?

Red136

In April of this year, Google forgot to renew the certificates for its SMTP and its PKI, the GIA, which expired and caused worldwide problems with emailing temporarily.

Google Lets SMTP Certificate Expire | SecurityWeek.Com

The serial for the expired GIA cert was 146025 (0x23a69), with a start date of April 5th 2013 and an end date of April 5th 2015. Google then renewed that cert by one with serial number 146038, which therefore effectively started only April 6th 2015. But its start date was still April 5th 2013. That cert was still in SHA-1 and has since been replaced with one in SHA-256, with serial number 146051 (0x23a83). As you can see here, e.g., that cert also has a start date of April 5th 2013:

https://www.sslshopper.com/ssl-checker.html?hostname=google.com

But it was issued in 2015! How is this possible? Isn't the whole point of certificates to make sure websites are trustworthy? CAs backdating their issued certs by more than two years can't make the net a safer place.

Can someone point me in the right direction please to where I can find more information on this subject? TY in advance!
 