Russia to issue its own security certificates to beat sanctions

The green padlock is an important web browsing tool, certifying that your data is protected from hackers while visiting a website

But issuing globally-recognised certificates is not as easy as Moscow wants it to be

The Russian government has created its own body to issue TLS certificates to Russian websites, after sanctions prevented them from renewing existing certificates.

TLS (Transport Layer Security) is a protocol that establishes an encrypted session between two computers on the Internet. It verifies the identity of the server and prevents hackers from intercepting data.

The padlock icon in the web address bar indicates a secure connection on a website, and if the browser does not find a valid TLS certificate, it warns the user that the website is not secure, driving many users away.

Digital certificates, issued by a Certificate Authority (CA), are required to certify that the website is safe; but certifying authorities in countries that have sanctioned Russia are now unable to accept payments for TLS certificate renewals. That's why major browsers like Chrome, Firefox, Safari, and Edge are flagging Russian websites with expired certificates as unsafe.

These browsers now show a full-page warning, advising users not to visit such sites.

To address these issues, Russia has established its own CA that will issue TLS certificates independently, allowing Russian websites to avoid being flagged as insecure.

The new authority will replace the foreign security certificate if it is cancelled or expires, according to the Russian public services portal Gosuslugi.

Russia's Ministry of Digital Development will provide a free domestic analogue, Gosuslugi stated, and site owners will receive the service within five working days, upon request.

However, as with any international trade, there's a safety mechanism that prevents countries from self-certifying without oversight, as Russia is trying to do. Before browsers will accept the new TLS certificate, it first has to pass a lengthy validation process - and acceptance will depend on sanctions.

For that reason, Russian authorities are advising users to avoid using popular browsers from Western companies, and instead turn to the home-grown Yandex and Atom products, which already recognise Russia's CA.

The Russian Central Bank, VTB and Sberbank are among the websites that have already started using the new TLS certificate.

A list of 198 domains that allegedly received a notification to use the local TLS certificate has been circulating in Russian media, although the authorities are not yet enforcing its usage.

Over the past two weeks, Russian internet users have been increasingly deprived of online services such as Twitter, Facebook, foreign news sites, and streaming services like Amazon Prime Video and Netflix.

Roskomnadzor, the Russian communications regulator, this week ordered Google to erase tens of thousands of search results that linked to tools Russians were using to get around restrictions on social media platforms and specific news sites - a move similar to China's Great Firewall, which prevents people inside the country from using the majority of outside media.

Many tech firms have left Russia in the past 10 days, citing opposition to the Russian invasion as the primary reason.

Earlier this week, Lumen Technologies, a global provider of internet infrastructure, announced that it was terminating its operations in the country. It cited concerns of an 'increased security risk', fears of Kremlin action, and a desire to defend the integrity of the internet as a whole.

Last week, US-based Cogent Communications announced the end of its operations in Russia; and earlier this month, domain registrar Namecheap told Russia-based customers that it would no longer be able to offer services to them. It advised looking for alternative providers 'immediately'.