Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Forgets to Renew SSL Certificate, Breaking OS X Software Update [Fixed]

mrgraff said:
You forgot:

Microsoft Forgets to Renew... = Yet another example of a top-heavy corporation unable to keep even simple things in check. Thank goodness Apple hasn't forgotten its user base.

Apple Forgets to Renew... = Calm down, people; non-issue. Do you even realize how much time a big company needs to address things like this?
Click to expand...

Microsoft has 99,000 employees and it appears most of them are sitting around doing nothing at the retail stores.
Apple has 80,000 employees and they're working their asses off making the most profits per employee in the business world.

I heard the expired certificate error was because some Apple employee had to move all of his belongings to the new campus and he didn't get around the renewing it. Besides this certificate nonsense is practically a non-issue because Apple offers other ways to download system software.

In other words Microsoft should make less mistakes than Apple because they've got plenty more employees with free time to catch errors.

/s
 
Rafagon said:
All it would've taken is for whoever is in charge of swscan.apple.com to have had a brief conversation with Siri.

"Siri, Remind me to renew SSL Certificate for Swscan.apple.com on May 23. Alert me two days before, and alert me a second time on the day before."

And now Tim Cook should just say to Siri:

"Siri, Remind me to fire the guy in charge of swscan.apple.com on Monday, May 26th."
Click to expand...

I think you meant, Tuesday, May 27th. Monday is a holiday.

----------
kdarling said:
Yep, Apple is not alone.

Twice in the past year or two Microsoft has forgotten to update the certificates on all of their Bing map servers, causing secure map requests to fail.

And I keep running across other, more minor, sites with expired certs.

Still no excuse, of course. At the least, a secure health check should've found it early in the day, so it could be fixed immediately.
Click to expand...

I feel like several email notifications would've gone out and someone would've been alerted. I got my SSL renewal 30 days prior, 7-10 prior, and the day before and day of. That's a lot of notices. Someone should've had this taken care of.

Not only that, but our company has a calendar of when things expire so we can have it taken care of. Anything marked red on the calendar hasn't been done and when it gets done it is turned green, so its easy to spot things we've missed.
 
Yakibomb said:
Forgets?? I can't see how something this big could just slip through the cracks :confused:
Click to expand...

It happens.

I work in the Drug distribution industry. Recently a major company who's software allows pharmacies to order narcotics failed to update its DEA certificate and left thousands of customers unable to order prescription medication for 2 days until they fixed it.
 
man3ster said:
It is unfortunate, but I have come to accept that Apple is prone to lots of mistakes. Under Jobs these mistakes were limited, but now the Cook steers the ship, the waters are more hazardous.
Click to expand...

Yeah, like about only 10 people are working at Apple and Tim Cook is their immediate supervisor :rolleyes:
 
In all fairness this is so easy to happen, I monitor my SSL certs for the websites for my company. If leave someone else would have to pick up the ball, but since its a 2 year cert, I'd have to remember to tell them about it.

Its embarrassing for apple in a sense but its surprising that it doesn't occur more often with these large corporations.
 
Yvan256 said:
Isn't there at least one person, at Apple, whose job is to keep things like that up-to-date?
Click to expand...

They're too busy shuffling people around constantly between projects like iOS and Mac and getting rid of people that can't get along with Johnny Ives (and by that I mean do whatever he says no matter how stupid). Hey, maybe Dre will take over Johnny's job. I'm not sure what you'd get, but I'm pretty darn sure that will end the kiddy "crayon" look of iOS. ;)
 
vpndev said:
If you reset your clock so your system will accept an uncompromised but out-of-date certificate -- what's the vulnerability? Did the private key suddenly pop out unannounced ??

No. Your only problem is that it might have been revoked/canceled and you wouldn't know. But if it had not been compromised -- and there is no allegation that it happened in this case -- what's your problem ??

Please explain your concern.
Click to expand...

A malware author could change the date without your notice, and use an outdated security certificate to further infect your computer...
 
Constable Odo said:
Microsoft has 99,000 employees and it appears most of them are sitting around doing nothing at the retail stores.
Apple has 80,000 employees and they're working their asses off making the most profits per employee in the business world.

I heard the expired certificate error was because some Apple employee had to move all of his belongings to the new campus and he didn't get around the renewing it. Besides this certificate nonsense is practically a non-issue because Apple offers other ways to download system software.

In other words Microsoft should make less mistakes than Apple because they've got plenty more employees with free time to catch errors.

/s
Click to expand...

The blue shirts are responsible for Internet security?
 
bumblebritches5 said:
Wow, that seems like a pretty massive security vulnerability, why does this work at all?
Click to expand...

Not really. It's an indication of whether you can trust the site is who they say. If you are using a browser it will complain and let you choose whether to proceed or not.

Since this is a service using the cert, it has to deal with the error. In this case, the error is very cryptic and that's what was upsetting to me. Apple could have provided better info about what went wrong and I would not have thought there was an issue with my computer. Isn't user friendliness what used to set Apple apart from the rest?

I work in IT and have had the job of keeping certs up to date. I would proactively check the ones installed on devices I managed. It can get pretty complex, though. I may work with a developer who installs a cert on one of his systems and now it is either his job to manage that or the group that ordered the cert. I could go on and on about how complex it can get. Whether you have people who track them or automated tools, there can be a lot of noise from everything going on and I can see how something like this gets missed occasionally.

And finally, give me a break about not getting updates for a few hours. Sounds like some folks don't use their computers for much and have time to obsess over something irrelevant in the short term to a functioning system.
 
1 year ago
Tim Cook: "So, what exactly does Joel *DO* here??"
Lackey: "No one is sure."
Tim Cook: "Fire him, see what happens."
 
2010mini said:
It happens.

I work in the Drug distribution industry. Recently a major company who's software allows pharmacies to order narcotics failed to update its DEA certificate and left thousands of customers unable to order prescription medication for 2 days until they fixed it.
Click to expand...

Enter https://www.slashdot.org in your browser and see what happens (posted on May 26th, let's see how long these guys take to update their certificates).

unplugme71 said:
I feel like several email notifications would've gone out and someone would've been alerted. I got my SSL renewal 30 days prior, 7-10 prior, and the day before and day of. That's a lot of notices. Someone should've had this taken care of.
Click to expand...

I suppose that's the problem. Lots of people who think someone else should have acted. Lots of people thinking it must be someone's job, but not theirs.
 
dannyyankou said:
I thought my computer had a virus, so I went through the 4 hour process of backing up and restoring it. Thanks Apple!
Click to expand...

You are joking, right?

----------
Mr. Buzzcut said:
....In this case, the error is very cryptic and that's what was upsetting to me. Apple could have provided better info about what went wrong and I would not have thought there was an issue with my computer.....
Click to expand...

Yes this is very poor on Apple's part the print a cryptic error message. ANYTHING printed to the screen should be understandable by a user "error number -1012" can't possibly informative to anyone who does not have a decoder book to look up "1012".
Yes I know this is one error that the software engineer thought would never happen. But those things always find a way to happen.
 
ChrisA said:
You are joking, right?
Click to expand...

I'm actually not joking. My dad's bank account information was stolen, and since the App Store message said "your confidential information could be at risk", I wanted to be on the safe side. The wifi password was also changed.
 
Last edited:
brand said:
And tomorrow it will all have been forgotten replaced by tomorrows new tech news. Its not really as big a deal as you are making it out to be.
Click to expand...

Just stating how tech news responds to apple stories. I consider it a non event, if you think I'm making a big deal out of it , boy are you off the mark. Trying reading the thread I responded to in context.
 
MH01 said:
You do get plenty of notice to renew them.

I've never had to renew them on our sites, but can you not renew them in advance ?
Click to expand...

I get at least 3-4 email before my SSL cert expires and you have the option to have multiple people on the list for alerts.
 
fredaroony said:
I get at least 3-4 email before my SSL cert expires and you have the option to have multiple people on the list for alerts.
Click to expand...

When you work for a large company the peons don't have a budget. It may go something like this...

Engineer identifies need for cert and submits an internal request. An admin turns the request into a formal requisition and sends it up the chain for approval. After several approvals the req is forwarded to purchasing. Someone in purchasing who knows the cert vendors submits an order. Once the shiny new cert arrives it is sent to the person who opened the req and ultimately to the engineer.

Meanwhile there are several groups within the company using the same process to get their certs. So the only common touch point might be purchasing. There may be folks who track them but whether purchasing or some low level techie, you aren't going to get 100% reliability. This is why I kept track of all certs on gear I managed as the company I worked for used a process similar to the above.
 
Mr. Buzzcut said:
When you work for a large company the peons don't have a budget. It may go something like this...

Engineer identifies need for cert and submits an internal request. An admin turns the request into a formal requisition and sends it up the chain for approval. After several approvals the req is forwarded to purchasing. Someone in purchasing who knows the cert vendors submits an order. Once the shiny new cert arrives it is sent to the person who opened the req and ultimately to the engineer.

Meanwhile there are several groups within the company using the same process to get their certs. So the only common touch point might be purchasing. There may be folks who track them but whether purchasing or some low level techie, you aren't going to get 100% reliability. This is why I kept track of all certs on gear I managed as the company I worked for used a process similar to the above.
Click to expand...

Naturally it varies company to company.

Though in our case, the Senior manager in charge of operations receives the renewal e-mail, he confirm with me if we still require the Cert, upon confirmation, he e-mails finance who raise a purchase order against the existing Cert company in SAP.

Where it fails is when people ignore the e-mail, for whatever reason. I'm sure there could also be a situation where the e-mail ends up in the SPAM folder, depending on e-mail preferences.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back