Mac users faced trouble with their apps overnight after the security certificate Apple uses to prevent piracy expired late on Wednesday.
Applications downloaded from the Mac App Store were temporarily unavailable from 10pm UK time, when a security certificate expired, five years after its creation, with no replacement immediately available.
Even once Apple fixed the error, issuing a new certificate for the apps (with an expiry date of April 2035, this time), users were still faced with problems. Those who could not connect to the internet couldn’t verify the new certificate, while those who had forgotten their password or couldn’t log in to iCloud for some other reason are also unable to use the downloaded apps until they can log in to the service.
My tweet from yesterday seems apt here. Unbelievably incompetent.
I’ll be using this as an example of how not to do certificate management.
Sadly, Apple is far from being alone here. I have made a good deal of money over the years fixing problems where a certificate has been allowed to lapse and production systems have stopped. Even with email notifications it still happens.
One company took almost two weeks to approve the purchase of a new certificate AFTER the old one had expired.
With increasing use of TLS etc. this problem will only get worse and… well, the consequences are only too apparent.
Type “Elephone Vowney” in your favorite search engine. Hint: less than half the price of the most expensive iPhone.
Forgetting your password, even if 16+ upper/lower-case + numbers in a random mix. Well…
Even that makes a user equally as incompetent as Apple.
Just a tough lesson, forgetting a password.
Even more incompetent if those who forgot do not learn from that.
Just saying.
Edited 2015-11-13 00:43 UTC
How so?
Many people enter their password a handful of times, and let the computer remember it afterwards.
Or they enter their passwords a handful of times, and they don’t use the service for an extended time.
Or they use multiple services with different passwords, and forget which is associated with which.
The list can go on.
If you have a sane policy and use a different (and strong) password for each service (and don’t write them down), then it is likely that from time to time you will forget one.
Been doing a fair bit of infrastructure work lately. PKI is a pain in the ass.
And yet another example why DRM (this cert is used only to prevent software piracy) is bad for everyone.
Damn, I want to purchase a cert that’s good for 20 years too. Like from Apple for APN. Annual APN cert renewal… it’s BS.