English
简体中文 English
Home Domain DNS SSL Cerificates Domain Pollution Processing
Support
Help Center Notice News About Us Contact Us
Login Register
Home News Russia Faces Large-Scale SSL Certificate Revocations
Russia Faces Large-Scale SSL Certificate Revocations
Time: 2024-07-16 10:27:17
Edit: DNS.IO

Here’s the English translation of your text:

 

Large-Scale Revocation of SSL Certificates in Russia

 

Recently, as China and Russia have strengthened various trade cooperations, I found that many Russian foreign trade websites have become inaccessible. This piqued my curiosity, so I began researching Russian websites and discovered some chilling facts—Western countries, led by the United States, have revoked and disabled all Russian domain SSL certificates within a few days! This means that websites with revoked certificates can no longer use HTTPS, causing a nightmarish impact on online payment platforms, Russian financial institutions, and government research department websites.

 

Both Russia and Ukraine have suffered multiple cyberattacks, primarily affecting government departments such as the Ministry of Foreign Affairs, the Ministry of Education, the Ministry of Internal Affairs, the Ministry of Energy, the Security Service, as well as military websites including the Ministry of Defense, armed forces, and critical infrastructure sectors like banking, telecommunications, electricity, and transportation. With the involvement of international and civilian hacker groups, the conflict has rapidly evolved into a global cyber information war.

 

Concept of SSL Certificates:

 

Many people might not know much about SSL certificates. Let me briefly explain what SSL certificates are, their purpose, and what it means for large enterprises and confidential organizations if they cannot use SSL certificates.

 

SSL certificates are used on IPs or domain servers to encrypt network data transmission. Without SSL certificates, the data transmission between a website server and a browser is done through HTTP, which is plaintext. This means that during network information exchange, all data is public and can be accessed by others. For personal websites or small businesses, this is not a big issue.

 

However, for e-commerce businesses, medium and large enterprises, financial institutions, government units, higher education institutions, and research organizations that store a lot of private information, using traditional HTTP plaintext transmission is unacceptable. It leads to massive user information leakage and is very unfriendly to core internal confidential information.

 

For example: If we make a purchase on an e-commerce platform, and our account information and payment passwords are exposed in plaintext, the consequences could be severe. If a research institution stores highly confidential information or advanced technology but the website uses plaintext transmission, the consequences could be dire. Such situations pose significant security risks to citizen information and national cybersecurity.

 

Therefore, when accessing important websites, check if the website uses HTTPS and if there is a green padlock symbol indicating secure access. This indicates HTTPS is implemented.

 

Why Did Commercial Actions Escalate to Political Attacks?

 

Initially, this was confusing. As one of the five permanent members of the UN Security Council, Russia should have its SSL certificates used in normal commercial activities. Shouldn’t Western countries maintain fairness and legality in transactions? Once a certificate is sold, how can they revoke it? This caused a massive shock to Russia’s cybersecurity in 2022. Despite claiming that national conflicts would not affect commercial activities, the actions taken were shocking!

 

China and the Western countries led by the US have strained relations as well. Here is a look at the number of Chinese enterprises sanctioned by the US over the years:

 

From 2018 to 2021, the US alone sanctioned 383 Chinese enterprises, with companies like Huawei being among the largest affected. Not only did the US sanction Chinese enterprises, but also over 20 Chinese universities and a few high schools in July 2023, overturning my worldview. Is this the so-called great power dynamics?

 

Northwestern Polytechnical University and affiliated schools were sanctioned by the US. Chinese enterprises and universities are developing independently, undeterred by the US. The more sanctions imposed, the better it indicates China’s development and the greater the threat to the US, suggesting that China is on the right path.

 

However, this situation should alert us. The current dominance of certificate issuance still lies with others. Since the outbreak of the Russia-Ukraine conflict on February 24, 2022, Cogent Communications cut off ties with Russian suppliers, Sectigo stopped issuing SSL certificates to Russians, and Namecheap also ceased domain maintenance for Russian domains.

 

Unexpectedly, Sectigo (formerly Comodo), the largest certificate issuer globally, was the first to stop and revoke all SSL certificates in Russia. Subsequently, other major international brands also cut off SSL certificate and domain registration services to Russia. Brands like Digicert (including sub-brands GeoTrust, GlobalSign, Rapid SSL), Certum from Poland, and GlobalSign from Belgium and Japan followed suit, leaving all internationally certified SSL certificates without service for Russia.

 

How to Prevent Such Situations:

 

Recently, some people have suggested using domestic encryption algorithms, but it’s important to understand that domestic algorithms are just one type. Currently, some domestic certificates use foreign root certificates, optimized in algorithms, but do not completely carry the label of purely domestically developed and self-researched.

 

Currently, fully autonomous domestic verification and data retention solutions include CFCA, SHECA, and JoySSL. These services use domestic servers to access user domain servers during issuance and do not require foreign servers to verify domain ownership.

 

Similar to domestic government clouds, which completely avoid foreign server access, this is an effective way to avoid repeating Russia’s situation.

 

Applying for Domestic Verification SSL Certificates with Data Retention:

 

1. Open JoySSL and Register an Account: Register with the code 230912 to apply for the professional version of a purely domestic self-researched SSL certificate. It has a 99.9% compatibility rate, supports international and domestic algorithms, and has dedicated customer service for deployment assistance.

2. Submit the Desired Certificate Type: JoySSL supports domestic verification and ensures data does not leave the country, completely avoiding foreign server access during issuance.

3. Fill in Domain and Organization Information: Verify domain ownership and complete certificate issuance within 1-5 minutes.

4. Install and Deploy on Domain Server: Request assistance from staff if needed for installation and deployment.

 

After completion, HTTPS encrypted access to the website will be achieved.

Sign up to enjoy professional DNS services. Register now
DNS.IO
About Us Contact Us
Product
Domain DNS SSL Cerificates Domain Pollution Processing
Support
Help Center Notice News
Service & Support
Customer Service:public@dns.io Technical Support:support@dns.io Business Cooperation:business@dns.io
Contact Us
Consult
Official QQ:3874865342
WhatsApp Customer Service
© 2024 DNS.IO All rights reserved