|Welcome Guest! Login|
CA Türktrust issued fake SSL Certificates
The Turkish Certificate Authority (CA) Türktrust has issued fake SSL Certificates. That is what Google has discovered on December 24, 2012 after a false certificate was used for the domain *.google.com.
The certificate that was discovered on 24 December by Google was already issued by Türktrust in August 2011. On December 26, a second certificate was discovered that should not have been issued. According to Microsoft, the Turkish CA claims that there are two authorities created to request for fake SSL Certificates.
After Google blocked the certificates directly the next day on Google Chrome, the other web browsers also blocked the certificates. Microsoft has now released an update in which the conscious certificates are not trusted. Users of Windows 8, Windows Phone 8 and Windows Server 2012 do not have to do anything. Users with other software should pick up the update itself.
Google announced that it will release an update later this month where certain certificates of Türktrust no longer be regarded as trusted. Google confirms that the rest of the certificates of the Turkish Certificate Authority are just reliable.
The problems are very comparable to the situation with the Dutch company DigiNotar in 2011. They also issued false certificates for *.google.com. These were later used for a man-in-the-middle attack in Iran.