In other words, can the Certificate Authority be forced to invalidate my website SSL? I ask that because I just noticed that the russian government websites are only accessible with http. No https. kremlin.ru government.ru I find plausible that one of those websites might expire its certificates, but both?
Yes and no. Your computer trusts certificates because a certificate was signed by somebody you trust. Your OS/Browser comes with a list of a few that it trusts but you can add more manually - if you work in a white collar job your company likely did that.
But if you added a certificate to your browser nobody can break the encryption. Nation states might be collecting encrypted traffic in hopes of breaking it in years/decade - but that's very speculative and probably not what you asked about.
As for government dor ru: I think the issue isn't expired certificates. They just don't have https. Bad practice but there isn't an asset worth encrypting/protecting on that site.
reply
Thanks very clear explanation!
reply