Incident Report: Firefox & Internet Explorer Report Revoked Certificate – April 11, 2014
On April 7, as part of our efforts to resolve the Heartbleed issue for FormAssembly.com, we ordered and released new SSL certs to ensure secure communication between you and FormAssembly.com.
After those new certs were fully deployed and accepted, we requested that our SSL certificate provider revoke the old certificates as part of the best practices steps suggested when resolving Heartbleed.
Unfortunately, by mistake our SSL certificate provider revoked *all* of our certificates for FormAssembly.com, including the new ones we had just issued. As a result, we’ve had to scramble to deploy a third set of certificates that should now be live.
HOW DOES THIS IMPACT YOU:
For a time between 9:30 ET and 10:15 ET (2014-04-11), you may have seen a message like “Certificate Invalid or Revoked” when trying to login to your FormAssembly account when using Firefox or Internet Explorer. Most likely you would not have been able to proceed past that warning.
Form processing was not affected for the vast majority of users during that time (as we rely on separate domains for form processing).
WHAT SHOULD YOU DO:
At this time the issue should be resolved. There should be no special action required on your part, and you should be able to access https://app.formassembly.com without issue on any browser. If this is not the case, please contact us immediately at [email protected].
We apologize for any inconvenience this may have caused.
The FormAssembly Infrastructure Team
FYI – For those curious or wishing to confirm, the correct certificates for app.formassembly.com should have a validity date from 2014-04-10 to 2015-09-29.