Cyber Security Alert! Compromised SSL certificates

2 March 2018
Decorative image
If your website's security certificate has been cancelled, it may not be accessible

 

The Department of Health and Human Services has been made aware that  20,000 website security certificates issued by provider Trustico, have been compromised. This has led to cancellation of these certificates.  As a result, some organisations may not be able to access online services.

Organisations that have installed a website certificate issued by DigiCert from Trustico, may be impacted and their website may not be accessible. Please contact your IT service provider if you are experiencing this issue.

DigiCert, the Secure Socket Layer (SSL) Certificate provider has released a statement regarding the Trustico Certificate revocation. For further information visit: digicert.com

How to check your website SSL certificate

1. View your certificate

Instructions to view certificate in Chrome:
  1.  Click on ‘Customise and control Google Chrome’ (located in the top right-hand corner and appears as three vertical dots) to reveal the  menu options.
  2.  Hover over ‘More Tools’ to reveal the secondary menu options.
  3.  Select ‘Developer Tools’. A new ribbon menu will appear. 
  4.  Click on the ‘Security’ menu option. If this is not visible, click on the double arrows.
  5.  Click on the ‘View certificate’ button to reveal the Certificate.
Instructions to view certificate in Internet Explorer:
  1. Left click on the lock icon in the Browser bar to reveal the menu options.
  2. Select ‘View Certificates’.

2. Check the issuer details

  1. The issuer is listed in the ‘General’ tab. Who was the certificate issued by?
  2. If the issuer is Trustico, please contact your service provider.
  3. If the issuer is not Trustico, no further action is required.

For further assistance, please contact the Department of Health and Human Services via email: Info.Security@dhhs.vic.gov.au