Potentially 219K Expired SSL Certs?

Tyler — Fri, 06 Feb 2009 05:09:21 +0000

Royal Pingdom has a post up mention that Netcraft has announced there are now one million sites that are using SSL. That’s valid certs, trusted by a third party, not expired and where the common name matches the hostname. That’s a far cry from the 3293 found in Netcrafts first SSL survey.

Does this survey catch everything? Probably not, but it’s most likely a good starting point.

Now, how did Royal Pingdom determine that there are potentially 219K in expired certs? They based it on a 2007 survey from Venafi (referenced here), that said 18% of Fortune 1000 websites had expired certificates. They applied the percentage to the Netcraft total and, voila… 219K. They also go on to say that even if you have that it’s still 100K websites with expired certificates.

I’d be willing to wager a guess that if the number is off it’s mark, that it’s probably too low rather than two high. I encounter sites all the time with expired certs. Mind you, since we started SSLFail.com, I’ve had a harder time finding them. However, I did happen to stumble across one just the other day and since we don’t feature screenshots with IE often enough… here you go.

OpenRCE.org Expired SSL

.:SSLFail:. » netcraft

Potentially 219K Expired SSL Certs?