Gmail certificate expiry snafu follows security upgrade

Google allowed one of its Gmail SSL certificates to expire days after promising users improved webmail security. Because Google's certificate for IMAP/POP traffic expired on Tuesday, users were confronted by a potentially confusing "invalid certificate" warning. In some cases users may also have been left unable to send email. …

COMMENTS

This topic is closed for new posts.
  1. David Gosnell

    Google and certificates

    On a similar theme, they've never been bothered to do anything about the wrong certificates being associated with domains. Last November I raised the issue of the problem in this regard when navigating via http://www.google.co.uk/adsense for example, and they replied "I am happy to pass along your comments to our engineering and product teams", who went ahead and did bugger all as usual. Still broken needless to say.

  2. Anonymous Coward

    Typical

    No sooner did I mail Dan to offer an alternative view to his original article than I read this one.

    I'm sure there's a demon in the machine.

    My alternative view can be seen at http://www.yaffles-corner.co.uk/serendipity/index.php?/archives/6-Time-to-Review-the-Security-Policy.html

    Regards

    Neil

  3. Tony Hoyle

    Are you sure?

    I don't know about users being trained to avoid sites with invalid certificates.. the opposite is true in my experience. Microsoft's own site is littered with them and has been for ages (the entire MSDN site for example).

  4. Rich

    Invalid certs

    Are only a problem if the data one is transferring is important. Half the time, it's SSL security guarding registration details when I don't care about registering. Like the Microsoft site, for instance.

  5. jon

    Why aren't Google issuing their own certificates?

    They couldn't do a worse job than the Veri$ign monopoly (which includes Thawte and Geotrust).

  6. Gregory Webb

    business impact of expired certs

    While I doubt anyone will lose faith in Google's ability to secure our data and/or gmail, expired certs and the ensuing security pop-up alerts do impact consumer behavior. Over time users become conditioned to the alerts and simply begin to ignore them. This is certainly not a security best practice, especially as phishing scams abound.

    Check out some compelling survey results on this topic at: http://www.venafi.com/Collateral_Library/VenafiEncryptionStudy2007.pdf
