The expiration of one of VeriSign's master digital certificates on Wednesday created confusion for Net users and glitches to the operation of some applications, notably Norton Anti-Virus (NAV). After the cert VeriSign used to sign other certs expired, the chain of trust was broken, leaving some aps unable to set up a secure connection. These apps then defaulted to trying to access Verisign's certificate revocation list server (crl.verisign.com) which, faced with a huge extra load, buckled under the pressure. . . .
The expiration of one of VeriSign's master digital certificates on Wednesday created confusion for Net users and glitches to the operation of some applications, notably Norton Anti-Virus (NAV).
After the cert VeriSign used to sign other certs expired, the chain of trust was broken, leaving some aps unable to set up a secure connection. These apps then defaulted to trying to access Verisign's certificate revocation list server (crl.verisign.com) which, faced with a huge extra load, buckled under the pressure.
Verisign has posted an advisory on the problem here, detailing server updates needed to resolve application instability. Essentially where there are problems traffic needs to be directed to a new Global Server Intermediate Root CA.