wordpress blog stats
Connect with us

Hi, what are you looking for?

Lok Sabha and Supreme Court websites’ SSL certificates invalid

The Supreme Court of India and the Lok Sabha’s websites have invalid SSL certificates. While accessing the Supreme Court’s website results in a Privacy Error on most browsers, accessing the Lok Sabha’s website just results in a “Connection Closed” error. An SSL certificate encrypts the content of a webpage being delivered to users, and is usually indicated with a green padlock in a browser’s address bar, followed by https://. SSL certificates are pretty standard for any large website, in both the public and private sectors.

MediaNama has reached out to the National Informatics Centre, which developed and maintains both websites, for comment.

Why an SSL certificate is important

Personal data being submitted to websites is otherwise susceptible to interception or imitation — unless a user is encrypting their entire connection with a virtual private network, ISPs or any party in the middle with access to the connection can steal user data. The Supreme Court and Lok Sabha’s websites are both static, meaning they mostly don’t collect data from users. The Supreme Court has a separate website for e-filing, which has a valid SSL certificate. To access the Supreme Court’s site, a user has to choose to “Proceed anyway” after encountering a privacy error in most browsers. In the Lok Sabha’s case, you’ll need to manually remove the s from the https:// to access the site without SSL encryption.

Diminished security isn’t the only consequence of an SSL certificate being invalid. Google search results usually point users to a version of the site that is SSL-encrypted, which can stonewall users trying to access a misconfigured site. Per Alexa, half the traffic for both sites does indeed come from search results. In the Supreme Court’s case, users must bypass a browser UI that is designed to make them turn back. In the Lok Sabha’s case, they must know to remove the s from the https://.

Indian government and SSL

This is not an isolated incident. Different government websites’ SSL certificates periodically go down, confronting users with errors that wouldn’t happen if the site didn’t install an SSL certificate in the first place. The UIDAI’s Aadhaar enrolment status checking microsite was down for weeks at one point.

To make matters worse, most SSL certificates on government websites are signed by private certificate authorities like DigiCert, as opposed to open-source alternatives like Let’s Encrypt (which doesn’t come with a fee, unlike private CAs). The government even tried to in-house the entire process by setting up its own certificate authority. That initiative came under question following a security incident in 2014, when Google noticed that some users were accessing its site over invalid SSL certificates issued by the National Informatics Centre. What’s worse, those certificates have to be manually trusted by users, which makes deploying them at scale impractical. It has also raised  a security concern:

Are you aware of any other Indian government website whose SSL certificate is invalid or has expired? Let me know by DM-ing me on Twitter or emailing me at aroon@medianama.com.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

News

In an affidavit filed before the Supreme Court, the Reserve Bank of India (RBI) has said that companies like WhatsApp, Google and Amazon have...

News

Shortly after Bharti Airtel approached the Supreme Court to get the the Department of Telecommunications (DoT) to revise its Adjusted Gross Revenue (AGR) dues,...

News

After consenting to multiple contempt of court proceedings for social media posts in the recent past, Attorney General KK Venugopal has said that curbing...

News

We missed this earlier: The Attorney General of India, KK Venugopal, granted consent for proceedings to be initiated against Rachita Taneja, an artist who...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to Daily Newsletter

    © 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ