Channel Register®

Original URL: http://www.channelregister.co.uk/2008/07/30/gmail_certificate_expiry/

Gmail certificate expiry snafu follows security upgrade

Webmail service POP loses its fizzle

By John Leyden

Posted in Software & Security, 30th July 2008 15:22 GMT

Update: Google allowed one of its Gmail SSL certificates to expire days after promising users improved webmail security.

Because Google's certificate for IMAP/POP traffic expired on Tuesday, users were confronted by a potentially confusing "invalid certificate" warning. In some cases users may also have been left unable to send email. Google fixed [1] the problem within hours on Tuesday afternoon (US time).

The snafu [2] comes less than a week after Gmail improved security [3] by making sure users of the popular web mail service go through a secure connection each time they access their account online.

Forgetting to renew a digital certificate can happen to any organisation, as Microsoft and HSBC (among many others) are able to testify. Even though a certificate is out of date, a secure connection with a site can still be established. Google makes it its business to index all the world's data, so its own failure to manage a key domain is an embarrassing faux pas, even though no harm, and not much inconvenience, was caused.

Reg reader Peter Houppermans, who brought the slip-up to our attention, drily notes that users are now so well trained to blithely click past invalid certificates that this sort of thing should present no great problem. ®
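A monitoring check for the kind of lapse described above, as an added example that is not from the article or from Google: it handshakes with each TLS listener, mail ports included, and reports certificates that have expired or fall inside a renewal window. The host names are placeholders, the 30-day window is an assumption, and the function names are illustrative.

```python
import socket
import ssl
import time

WARN_DAYS = 30  # assumed renewal lead time, not a figure from the article


def classify(not_after, now=None, warn_days=WARN_DAYS):
    """Map a certificate notAfter string to (status, whole days remaining)."""
    now = time.time() if now is None else now
    # Floor division: a certificate that lapsed an hour ago yields -1, not 0.
    days = int((ssl.cert_time_to_seconds(not_after) - now) // 86400)
    if days < 0:
        return "EXPIRED", days
    return ("RENEW_SOON" if days < warn_days else "OK"), days


def check_endpoint(host, port, timeout=5.0):
    """Handshake with an implicit-TLS service and report certificate state."""
    ctx = ssl.create_default_context()  # full chain and hostname verification
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        # OpenSSL verify code 10 is X509_V_ERR_CERT_HAS_EXPIRED.
        if exc.verify_code == 10:
            return "EXPIRED", None
        return "INVALID: " + exc.verify_message, None
    except OSError as exc:
        return "UNREACHABLE: %s" % exc, None


def audit(endpoints):
    """Check every (host, port) pair and key the results by 'host:port'."""
    return {"%s:%d" % ep: check_endpoint(*ep) for ep in endpoints}


if __name__ == "__main__":
    # Placeholder hosts: list every TLS listener, not only the web front end.
    targets = [("imap.example.org", 993), ("pop.example.org", 995),
               ("www.example.org", 443)]
    for name, result in audit(targets).items():
        print(name, result)
```

Run on a schedule and alert on anything other than `OK`; services that negotiate TLS via STARTTLS rather than on connect need a protocol-specific upgrade step before the handshake.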