Certificates

On 29 August 2011 it became known that a fraudulent DigiNotar security certificate was issued for Google.com, as a result of an intrusion. DigiNotar is a Dutch company that issues - amongst others - SSL certificates. These certificates are used for the identification of websites and protection of internet communication. The discovery of this fraudulent certificate has caused various browser-vendors to stop trusting the DigiNotar Root Certificate Authority and DigiNotar sub root in their browsers. On September 2, the results of an investigation by Fox-IT have been shared with the government, after which the government has denounced its trust in the DigiNotar certificates.

The main facts at a glance:

• The Dutch government denounces trust in certificates issued by DigiNotar.
• After an intrusion in DigiNotar systems, probably several hundred fraudulent certificates were issued.
• A fraudulent certificate for google.com is actually used by attackers.
• There are no Dutch government certificates among the known fraudulent certificates.
• Visitors of websites might get warning messages that websites can no longer be trusted.
• Server-to-Server communication that is based on DigiNotar certificates can be disrupted.
• The Dutch government has taken over operational management from DigiNotar.
• More information can be found on www.rijksoverheid.nl.
• For public questions, you can call 0800-1351.

Factsheet: Fraudulently issued security certificate discoverd | PDF | 51,24 kB
Fraudulent certificates - List of Common names | PDF | 67,9 kB

Other information, see GOVCERT.NL.