Potentially 219K Expired SSL Certs?

Posted by Tyler on February 06, 2009
SSLFail

Royal Pingdom has a post up mentioning that Netcraft has announced there are now one million sites using SSL. That’s valid certs, trusted by a third party, not expired and where the common name matches the hostname. That’s a far cry from the 3293 found in Netcraft’s first SSL survey.

Does this survey catch everything? Probably not, but it’s most likely a good starting point.

Now, how did Royal Pingdom determine that there are potentially 219K expired certs? They based it on a 2007 survey from Venafi (referenced here), that said 18% of Fortune 1000 websites had expired certificates. They applied the percentage to the Netcraft total and, voila… 219K. They also go on to say that even if you halve that, it’s still 100K websites with expired certificates.

I’d be willing to wager a guess that if the number is off its mark, it’s probably too low rather than too high. I encounter sites all the time with expired certs. Mind you, since we started SSLFail.com, I’ve had a harder time finding them. However, I did happen to stumble across one just the other day and since we don’t feature screenshots with IE often enough… here you go.

OpenRCE.org Expired SSL


2 Comments to Potentially 219K Expired SSL Certs?

Michael Dickey
February 6, 2009

Expired certs make me a sad bear. :( Not because they’re expired, but because the browsers make it sound like the cert is broken and their security screwed. Expiration is probably necessary, but damn if it doesn’t feel useless and just another way for the CAs to make money.

Sad bear! :’(

Samuel Bronson
June 30, 2010

What makes this one especially sad is that it’s self-signed, so there’s really no reason they couldn’t replace it with a fresh self-signed certificate…
