US allows 80 TLS certificates from its own websites to expire due to shutdown

According to the internet company Netcraft, the US government has allowed more than eighty TLS certificates to expire because of the shutdown. As a result, multiple government websites would be inaccessible.

According to Netcraft, these are all kinds of .gov websites that should either be considered unsafe or that they are no longer accessible. According to the company, these include websites of NASA, the US Department of Justice and the US Court of Justice.

This concerns, for example, a website of the Ministry of Justice that uses a certificate that expired in December and has not been renewed. Due to the hsts protocol used, Chrome and Firefox users will not see an option to ignore the security warning when visiting the website.

Some other government websites that haven’t implemented hsts do, such as a NASA website whose certificate expired on January 5. However, Netcraft states that if users ignore the warning and still visit the website, they are at risk in the form of possible man-in-the-middle attacks.

The US government shutdown has been a fact for several weeks now, linked to a conflict between President Donald Trump and the Democrat-dominated House of Representatives. The Democrats do not want to approve more than $5 billion that Trump wants to use to build a wall on the border between Mexico and the US. Trump therefore refuses to approve the 2019 budget. Due to the shutdown, quite a few government employees are no longer paid, including employees responsible for IT support and the security of government websites.