Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. SSL/TLS X.509 certificate expired

Author: Government Digital Service

SSL/TLS X.509 certificate expired

What this means

An expired SSL/TLS X.509 certificate indicates that the certificate used to establish secure HTTPS connections is no longer valid.

Certificates have an expiration date, after which they are considered insecure.

Why this is a problem

Users will see warnings about insecure connections, leading to a loss of trust in the website.

Without a valid certificate, encrypted communication may be compromised, leaving users vulnerable to interception and data theft in a Man-in-the-Middle attack

Many modern browsers and applications block access to sites with expired certificates, disrupting service availability.

How to check if the problem is there

Inspect the server’s SSL/TLS configuration files for certificate validity dates.

There are a number of online tools such as Qualys SSL Labs which can be used to check the certificate configuration and validity of a website.

How to fix this

Obtain a new SSL/TLS certificate from a trusted Certificate Authority (CA) and install it on the server.

Remove any expired certificates where possible from the server. Once the new certificate is installed, use an online tool to re-check for the issue.

Consider implementing monitoring and alerts to notify administrators before a certificate expires in the future, or implement automated certificate enrolment.

Ensure the entire certificate chain (including intermediate certificates) is valid and correctly installed.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now