wordpress blog stats
Connect with us

Hi, what are you looking for?

Lok Sabha and Supreme Court websites’ SSL certificates invalid

The Supreme Court of India and the Lok Sabha’s websites have invalid SSL certificates. While accessing the Supreme Court’s website results in a Privacy Error on most browsers, accessing the Lok Sabha’s website just results in a “Connection Closed” error. An SSL certificate encrypts the content of a webpage being delivered to users, and is usually indicated with a green padlock in a browser’s address bar, followed by https://. SSL certificates are pretty standard for any large website, in both the public and private sectors.

MediaNama has reached out to the National Informatics Centre, which developed and maintains both websites, for comment.

Why an SSL certificate is important

Personal data being submitted to websites is otherwise susceptible to interception or imitation — unless a user is encrypting their entire connection with a virtual private network, ISPs or any party in the middle with access to the connection can steal user data. The Supreme Court and Lok Sabha’s websites are both static, meaning they mostly don’t collect data from users. The Supreme Court has a separate website for e-filing, which has a valid SSL certificate. To access the Supreme Court’s site, a user has to choose to “Proceed anyway” after encountering a privacy error in most browsers. In the Lok Sabha’s case, you’ll need to manually remove the s from the https:// to access the site without SSL encryption.

Diminished security isn’t the only consequence of an SSL certificate being invalid. Google search results usually point users to a version of the site that is SSL-encrypted, which can stonewall users trying to access a misconfigured site. Per Alexa, half the traffic for both sites does indeed come from search results. In the Supreme Court’s case, users must bypass a browser UI that is designed to make them turn back. In the Lok Sabha’s case, they must know to remove the s from the https://.

Indian government and SSL

This is not an isolated incident. Different government websites’ SSL certificates periodically go down, confronting users with errors that wouldn’t happen if the site didn’t install an SSL certificate in the first place. The UIDAI’s Aadhaar enrolment status checking microsite was down for weeks at one point.

Advertisement. Scroll to continue reading.

To make matters worse, most SSL certificates on government websites are signed by private certificate authorities like DigiCert, as opposed to open-source alternatives like Let’s Encrypt (which doesn’t come with a fee, unlike private CAs). The government even tried to in-house the entire process by setting up its own certificate authority. That initiative came under question following a security incident in 2014, when Google noticed that some users were accessing its site over invalid SSL certificates issued by the National Informatics Centre. What’s worse, those certificates have to be manually trusted by users, which makes deploying them at scale impractical. It has also raised  a security concern:

Are you aware of any other Indian government website whose SSL certificate is invalid or has expired? Let me know by DM-ing me on Twitter or emailing me at aroon@medianama.com.

Advertisement. Scroll to continue reading.
Written By

I cover the digital content ecosystem and telecom for MediaNama.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

News

By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...

News

By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....

You May Also Like

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ