Could CertAlert Have Prevented Microsoft’s Azure Outage?

Time waits for no developer.

How did Microsoft forget to renew their SSL certificate for Windows Azure? At this point, the company’s not saying. But Stackify launched a new service this week for employees to proactively ensure that they’re not put in the same situation.

When SSL issues knocked out Microsoft’s worldwide Azure storage services at around 8:44 PM UTC last Friday, all dependent services were impacted as well, including media encoding, on-demand streaming, and Azure’s compute functions. That left application developers unable to start new virtual machines. (Separately, Microsoft said its Outlook.com cloud email service went down on Monday, but hasn’t offered a reason behind the outage.)

CertAlert.me could blunt at least some of the issues caused by outages like Azure’s, by allowing administrators to sign up for an email that checks the domain and SSL status of a site, then sends automated emails once a month reminding them to renew their domain registration or SSL certification as the deadline nears.

Why did Stackify, a developer whose product helps customers manage and monitor production applications, come up with Cert.me? Because Certify runs on top of Azure, and went down when Azure did, founder Matt Watson said in an interview: “There’s got to be some way to know ahead of time that this is going to happen.”

“And those alerts don’t necessarily go to the right people,” he added. “They don’t necessarily go to the IT people at all, just whoever happens to buy the certificate. What we want is a very, very simple tool that will alert anybody.”

Virtually all services issue some form of automated reminder, including Symantec (which purchased Verisign’s authentication business) and GoDaddy. 3Dcart, which designs e-commerce “shopping cart” software and sells SSL certificates, shoots out automated emails 30 days and then 15 days from the date of certificate expiration, following that with daily emails for the last 10 days. At companies such as Comodo, the SSL alert only goes to direct customers, not anyone who signed up via a reseller.

“We just wanted something for free,” Watson said. (Other free solutions exist, including this script example.) Stackify will most likely keep and improve CertAlert.me over time as a “freemium offering,” as notifications are part of Certify’s functionality.

 

Image: Palo_ok/Shutterstock.com

Post a Comment

Your email address will not be published.