What Happens if SSL Certificates Expire?
By Steve McDonnell
Underlying the decision to purchase products or services from an online retailer or to sign up as a member on a website is the issue of trust. According to the United States Department of Commerce, the continued growth of Internet commerce and the sustainability of an Internet economy depend on the degree to which users trust that their personal information will be protected. SSL certificates are an important tool that companies use to establish trust with users. When SSL certificates expire, browsers automatically warn customers, and companies risk losing their customers' trust.
When SSL certificates expire, websites retain the certificates and the information in the certificates. However, everything the certificates verified for users is no longer valid. Although the data exchanged between servers and client computers continues to be encrypted, users can't trust that the encryption hasn't been compromised in some way. They can't tell whether organizations claiming to own domains are the true owners, and therefore cannot know for sure if a website is an official website or an imposter website.
When you access a Web page on a server with an expired SSL certificate – for example, to begin a checkout process – your browser issues an error message and forces you to confirm that you want to access the website. It warns you that the certificate is not valid and discourages you from accessing the website for safety reasons. If you confirm the error, some browsers maintain a warning notice or color part of the address bar red to remind you of the error condition while you browse the website. Some companies configure browser settings to prevent employees from accessing a site with an invalid certificate.
Expired SSL certificates can negatively affect online sales. According to Symantec, 90 percent of consumers will stop a transaction when receiving an SSL warning, and 72 percent will either abandon the transaction completely or go to a competitor's website. Expired SSL certificates can also increase operating costs. For example, calls to customer service and support may increase dramatically when customers call to find out why they are getting error messages.
A company's reputation and credibility can be damaged when users encounter a website with an expired SSL certificate. Since customers can no longer trust the website to make an online purchase, they may also wonder if their personal or financial information is at risk of being exposed. According to a study by the Ponemon Institute, about a third of customers permanently terminate their relationships with a company that has a security breach of customer information.
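Because the browser warning only appears once the certificate's validity window has already closed, operators usually check the dates ahead of time. The following is an added example, not part of the original article: it classifies a certificate from its `notBefore`/`notAfter` fields, in the dictionary shape Python's `ssl.SSLSocket.getpeercert()` returns. The 30-day renewal window, the function names and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # assumed renewal threshold; tune to your own process

# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {"notBefore": "Jan  1 00:00:00 2024 GMT",
               "notAfter": "Jan  1 00:00:00 2025 GMT"}


def _parse(cert_time):
    """Convert an X.509 time string such as 'Jan  1 00:00:00 2025 GMT' to UTC."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def classify_cert(cert, now=None, renew_window_days=RENEW_WINDOW_DAYS):
    """Return (status, days_left) for a certificate dict.

    status is 'not_yet_valid', 'expired', 'renew_soon' or 'ok';
    days_left is whole days until notAfter (negative once expired).
    """
    now = now or datetime.now(timezone.utc)
    not_before, not_after = _parse(cert["notBefore"]), _parse(cert["notAfter"])
    days_left = (not_after - now).days
    if now < not_before:
        return "not_yet_valid", days_left
    if now > not_after:
        return "expired", days_left
    if days_left <= renew_window_days:
        return "renew_soon", days_left
    return "ok", days_left


def check_host(host, port=443, timeout=5):
    """Fetch a live certificate and classify it (needs network access)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify_cert(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # An expired certificate fails the handshake, just as it does in a browser.
        return "verify_failed", exc.verify_message


if __name__ == "__main__":
    print(classify_cert(SAMPLE_CERT))
```

Run on a schedule against every public hostname, a `renew_soon` result gives time to renew before visitors ever see a warning.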
- Directnic: What Will Happen If My Certificate Expires? How Do I Renew?
- Symantec: Proper Management of SSL Certificates: Why It Is Critical to Your Organization - Part 1
- Ponemon Institute: Ponemon Institute Examines Consumer Response to Data Breach Notice
- U.S. Department of Commerce: The Importance of Trust on the Internet
Steve McDonnell's experience running businesses and launching companies complements his technical expertise in information, technology and human resources. He earned a degree in computer science from Dartmouth College, served on the WorldatWork editorial board, blogged for the Spotfire Business Intelligence blog and has published books and book chapters for International Human Resource Information Management and Westlaw.