Factsheet: Fraudulently issued security certificate discovered
On 29 August 2011 it became known that a fraudulent DigiNotar security certificate was issued for Google.com, as a result of an intrusion. DigiNotar is a Dutch company that issues - amongst others - SSL certificates. These certificates are used for the identification of websites and protection of internet communication. The discovery of this fraudulent certificate has caused various browser-vendors to stop trusting the DigiNotar Root Certificate Authority and DigiNotar sub root in their browsers. On September 2, the results of an investigation by Fox-IT have been shared with the government, after which the government has denounced its trust in the DigiNotar certificates.
The main facts at a glance
- The Dutch government denounces trust in certificates issued by DigiNotar.
- After an intrusion in DigiNotar systems, probably several hundred fraudulent certificates were issued.
- A fraudulent certificate for google.com is actually used by attackers.
- There are no Dutch government certificates among the known fraudulent certificates.
- Visitors of websites might get warning messages that websites can no longer be trusted.
- Server-to-Server communication that is based on DigiNotar certificates can be disrupted.
- The Dutch government has taken over operational management from DigiNotar.
- More information can be found on www.rijksoverheid.nl.
- For public questions, you can call 0800-1351.