A maintenance exercise gone awry at root certificate authority GlobalSign caused what could be thousands of websites to be mistakenly treated as insecure by web browsers and therefore become inaccessible to users attempting to reach them.
GlobalSign itself has resolved the issue at its end. But users who visited the affected sites before the problem was resolved could find themselves being blocked until their browser cache expires—a process that could take four or more days.
In an alert this week, GlobalSign described the problem as stemming from its revocation of a cross-certificate linking two root certificates. As a certificate authority that manages several root certificates, GlobalSign provides cross-certificates linking the roots to maximize effectiveness across different platforms, the company said in its alert.