An expired SSL certificate brought down Windows Azure cloud storage for 12 hours over the weekend
An expired SSL certificate brought down Windows Azure cloud storage for 12 hours over the weekend, according to a post Sunday on the Windows Azure blog.
The worldwide outage impacted HTTPS traffic, and a number of Windows Azure services dependent on storage, Steve Martin, general manager, Windows Azure Business and Operations, said. The scope of the outage was enough for Windows Azure to decide to “proactively provide credits to impacted customers in accordance with [its] SLA,” he said, which will be reflected on a subsequent invoice.
According to ZDNet, the outage also appeared to affect Microsoft’s Team Foundation Server on Azure.
Windows Azure will provide a full root cause analysis soon, according to the blog post.
The mistake of allowing a SSL certificate to expire is not something that would be expected of an organization like Microsoft. The trivial error will cost Microsoft big time as it promises to reimburse customers impacted by the lengthy outage.
In the Data Center Knowledge report, Windows Azure Cloud Crashed by Expired SSL Certificate, Rich Miller asked how a company that has spent more than $15 billion building its cloud infrastructure could make such a mistake.
“An SSL certificate can be had for as little as $70 a year from a commercial certificate authority, or can be effectively free if you issue your own, as Microsoft does. So how did an expired SSL certificate crash the Windows Azure storage cloud computing platform Friday and Saturday? It’s an expensive question for Microsoft.”
Both Windows Azure outages show that small details can have a big impact when it comes to outages and downtime in the cloud.
Talk back: Did the Windows Azure cloud outage affect any of your services? Do you think Microsoft’s mistake with the SSL certificate is a sloppy error that should have been avoided? Let us know in a comment.
About Nicole Henderson
Nicole Henderson is the Editor in Chief of the Web Host Industry Review where she covers daily news and features online, as well as in print. She has a bachelor of journalism from Ryerson University in Toronto. You can find her on Twitter @NicoleHenderson.
{ 3 comments… read them below or add one }
Welcome to the future where Microsoft is nothing more than XBox and Microsoft Office.
To ensure service availability and avoid unnecessary downtime caused by SSL certificate expiration, a cross-organization certificate management is needed. DCM is the solution administrators need in order to accomplish the challenging mission of certificates management. DCM manages certificates issued by Microsoft CA’s and certificates scanned in predefined IP ranges and ports
For more information http://www.advice-tech.com
Dror Belleli
CEO
Talk about embarrassing for Microsoft! To help make sure Microsoft’s silly mistake doesn’t happen to anybody else, we just launched a free SSL certificate monitor: http://www.stackify.com/stackify-launches-free-certalert-me-service-to-monitor-ssl-certificates/