Russia Issues Its Own TLS Certs

The country’s citizens are being blocked from the internet because foreign certificate authorities can’t accept payments due to Ukraine-related sanctions, so it created its own CA.

Russia is offering its own trusted Transport Layer Security (TLS) certificate authority (CA) to replace certificates that need to be renewed by foreign countries. As it is, a pile of sanctions imposed in the wake of Russia’s invasion of Ukraine is gumming up its citizens’ access to websites.

Russian sites are stuck, unable to renew their certs because sanctions leave signing authorities in many countries unable to accept payments from Russia, according to BleepingComputer.

TLS – more commonly known as SSL, or TLS/SSL – is a cryptographic protocol that secures the internet by encrypting data sent between your browser, the websites you visit and the website’s server. The certificates keep data transmission private and prevent modification, loss or theft, as DigiCert explains.

How TLS certificates work. Source: DigiCert.

According to a notice on Russia’s public service portal, Gosuslugi, as shown in a translated version in this article’s featured art, the certificates will replace foreign security certs if they expire or get yanked by foreign CAs. According to the portal, the service is available to all legal entities operating in Russia, with the certificates delivered to site owners upon request within five working days.


The ‘Digital Iron Curtain’

Over the past two weeks, Russia’s internet services have been cut off by multiple major U.S. internet suppliers, including Cogent Communications, reportedly the second-largest internet carrier servicing Russia. Lumen, another major U.S. internet supplier, followed suit on Tuesday, pushing the country’s citizens behind what some analysts are calling “a new digital Iron Curtain.”

Mikhail Klimarev, executive director of the Internet Protection Society, which advocates for digital freedoms in Russia, told The Washington Post that he’s “very afraid of this.”

“I would like to convey to people all over the world that if you turn off the Internet in Russia, then this means cutting off 140 million people from at least some truthful information. As long as the Internet exists, people can find out the truth. There will be no Internet — all people in Russia will only listen to propaganda.”

Chrome, Firefox, Edge Won’t Swallow the New Certs

BleepingComputer reported on Thursday that the only web browsers that were recognizing the new CA as trustworthy at the time were the Russia-based Yandex browser and Atom products: Russian users’ only alternative to browsers such as Chrome, Firefox, Edge and others.

Somebody with a Mozilla domain email on Thursday started a thread to discuss examination of the new Russian root cert, pointing to the possibility of the Russian government using it to start man-in-the-middle (MitM) attacks – though, they said, none had been detected as of yesterday.

“Although at present there’s no MitM, it’s likely that government websites will start using this and once adoption is high enough Russia will perhaps start MitM,” they said. They cited an ISP who said that it had been told that the new cert was mandatory, making the certificate “worth urgent consideration.”
