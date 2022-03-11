Part of the problems that Russian users have been experiencing when accessing the Internet in recent weeks are derived from the inability to renew TLS security root certificatesdue to obstacles to payment processing with the certifying authorities of those countries that support anti-Russian sanctions.

The function of these certificates is none other than that of tell the web browser that the site they are accessing is secure (HTTPS), since it belongs to a verified entity and allows encrypted communication between client and server.

most browsers already dissuade the user in one way or another from continuing to browse by the site when the presence of these certificates cannot be detected, so in order to prevent Russian websites from being marked as insecure (for both domestic and foreign users) and thereby losing their traffic, the Russian government has arranged for the creation of its own national TLS certification authority.

According to the Ministry of Digital Development, this new entity will provide, to those websites whose certificates expire or are revoked, “a free national analog […] within five working days.” For now, they have already issued certificates for the sites of the Central Bank of Russia and for two other private financial entities.

In short, Russia cannot acquire certificates abroad, but it also needs the ‘go ahead’ from abroad to be universally admitted as a certification authority.

However, for now the only web browsers that are known to recognize this new certificate authority are Yandex (property of the homonymous search engine) y Atomboth Russian, since the usual thing is that each new certification authority must be examined by several foreign companies, which will undoubtedly slow down (and more so in the current context) the ‘approval’ to the new Russian entity.

Meanwhile, the authorities of the Slavic country already they have begun to recommend their citizens to switch to using browsers 'made in Russia' mentioned above to facilitate web browsing.





Users (both Russian and foreign) of other browsers still have the option to manually add the new Russian root certificate if they choose, although accusations of malicious use of it in order to intercept HTTPS traffic and launch ‘man in the middle’ attacks that would allow the user’s personal information (bank details, passwords…) to be stolen.

Vía | Bleeping Computer