Time-based expiration problem of the SSL/TLS certificates

The amount of confidential data in web services is continuously rising, which sets requirements for encrypting data in transit and for identifying the server. The established solution to these requirements is Transport Layer Security (TLS). Technically, TLS requires an X.509 certificate in order to work. Although...


Bibliographic Details
Main Author: Sippo, Markus
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis
Language: eng
Published: 2021
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/79138
description The amount of confidential data in web services is continuously rising, which sets requirements for encrypting data in transit and for identifying the server. The established solution to these requirements is Transport Layer Security (TLS). Technically, TLS requires an X.509 certificate in order to work. Although X.509 certificates are well understood, implementing them often causes confusion among administrators and developers, and as a result implementation errors are common. In addition, certificates have a validity date, which means that they must be renewed periodically. Renewal may be forgotten or deliberately left undone, which often causes connection problems with web services. This study provides information on the use of expired certificates and their prevalence. In addition, this study provides information on the services and businesses that most typically suffer from expired certificates. The study also classifies the most common error situations in TLS implementations. The results show that certificate expiration is a common problem that affects web services of all types, from government websites to online shops.

The amount of confidential data in web services is continuously rising, which sets requirements for data encryption during transmission and server authentication. The commonly adopted solution is Transport Layer Security (TLS), which solves both requirements presented above. Technically TLS relies on X.509 certificates to provide features. While X.509 certificates are a well-understood topic, the implementation often confuses the domain administrators and errors during the configuration are common. On top of this, certificates have an expiration date, which means that the certificates need to be renewed from time to time. Often, the renewal is either forgotten or neglected by the administrators, which leads to connection issues.
This study provides insight on expired certificates and their usage. In addition, this study provides insight on what type of services and businesses are impacted by expired certificates. Most common error cases in TLS implementations were also extracted from the data. The results of this paper indicate that certificate expiration is a common problem that affects all types of online services, ranging from governmental online services to online shops.
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/7026b4d7-af7a-4807-b934-b98912caa37c\/download","text":"URN:NBN:fi:jyu-202112226120.pdf","source":"jyx","mediaType":"application\/pdf"}
topic X.509 SSL/TLS certificates Tietojärjestelmätiede Information Systems Science 601 salaus verkkopalvelut encryption online services
url https://jyx.jyu.fi/handle/123456789/79138 http://www.urn.fi/URN:NBN:fi:jyu-202112226120