Looking into unauthorised digital certificates issue: Govt

Tags: News
The government today said it is looking into the matter raised by tech giants Google and Microsoft which have said that the National Informatics Centre (NIC) has issued unauthorised digital certificates.

The Controller of Certifying Authorities issues licences and regulates the working of Certifying Authorities, who issue digital certificates for electronic authentication of users.

Digital certificate is like an electronic passport that allows a person, computer or organisation to securely exchange information over the Internet.

When contacted, Department of Electronics and Information Technology Secretary R S Sharma told PTI: "We are looking into this issue. Certifying Authority (CA) is taking appropriate steps and is working under the guidance of the CCA."

In a blog post last week, Google said: "On Wednesday, July 2, we became aware of unauthorised digital certificates for several Google domains.

"The certificates were issued by NIC of India, which holds several intermediate CA certificates trusted by the Indian Controller of Certifying Authorities (India CCA)."

Similarly, Microsoft said it is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks or perform man-in-the-middle attacks.

"SSL certificates were improperly issued by NIC, which operates subordinate CAs under root CAs operated by Government of India's Controller of Certifying Authorities, which are CAs present in the Trusted Root Certification Authorities Store," it added.

Meanwhile, CCA in a post on its website said: "Due to security reasons 3 CA Certificates issued to NICCA have been suspended and the corresponding CRLs have been updated for this purpose. Further updation will be notified."

Google said it had alerted NIC, India CCA and Microsoft about the incident and blocked the mis-issued certificates in Chrome with a CRLSet push. "On July 3, India CCA informed us that they revoked all the NIC intermediate certificates and another CRLSet push was performed to include that revocation."

The US-based firm said India CCA informed it about the results of their investigation on July 8.

"They reported that NIC's issuance process was compromised and that only four certificates were misissued, the first on June 25. The four certificates provided included three for Google domains (one of which we were previously aware of) and one for Yahoo domains," Google added.

Digital certificate provides identifying information, and is forgery resistant and can be verified.

It contains certificate holder's name, a serial number, expiration dates, a copy of certificate holder's public key (used for encrypting messages and digital signatures) and digital signature of the CA so that a recipient can verify the certificate.

Post new comment

E-mail ID will not be published
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.

EDITORIAL OF THE DAY

  • The current value of the rupee does not merit market intervention

    The rupee, losing 40 paise per month against the dollar since May, is expected to remain under pressure till the calendar runs out on December 31, bef

FC NEWSLETTER

Stay informed on our latest news!

INTERVIEWS

GV Nageswara Rao

MD & CEO, IDBI Federal Life

Timothy Moe

Goldman Sachs

Chander Mohan Sethi

CMD, Reckitt Benckiser India

COLUMNIST

Tushar Gandhi

Sustainable model for rural sanitation

Prime minister Narendra Modi has promised to build a toilet ...

Zehra Naqvi

How smells evoke strong memories

Remember that time when a passing fragrance transported you to ...

Dharmendra Khandal

Indian zoos need a fresh approach

Recently, when a man jumped in a tiger trench of ...

INTERVIEWS

William D. Green

Chairman & CEO, Accenture