LinkedIn Admits a Delay in Renewing TLS Cert

LinkedIn Admits a Delay in Renewing TLS Cert

LinkedIn users noticed on Tuesday that attempts to access the site from their desktop or laptop computer were met with an alert warning that the connection was not secure – the result of LinkedIn’s failure to renew the TLS certificate for its URL shortener, according to Computer Business Review (CBR).

It turned out that the company had what it is calling a brief delay in renewing the TLS certificate. The company quickly took action after being notified. “We had a brief delay in our SSL certificate update yesterday, which was quickly fixed, and member data was not affected,” a LinkedIn spokesperson wrote in an email. The new certificate is valid until May 2021.

Forcepoint security analyst, Carl Leonard tweeted:

If you are wondering why your browser is throwing a Certificate Error when navigating around @LinkedIn posts their cert expired a few hours ago on the URL shortener lnkd[.]in. Qualys' SSL check report for that domain: …

Leonard and others noted that this is the second time that LinkedIn has allowed a certificate to expire. “Large organizations with hundreds of millions of users globally should be setting the standard for security practices and unfortunately this is the second time that LinkedIn failed to update their SSL certificate, effectively putting user data and privacy at risk,” Leondard reportedly told CBR.

"Certificates control communication and authentication between machines, so it's critically important not to let them expire unexpectedly. Unfortunately, most ..

Support the originator by clicking the read the rest link below.