The cause of the recent o2 outage this week was an expired certificate. The issue was not actually O2’s fault either, it was Ericsson.
Ericsson said that “an initial root cause analysis” had indicated that the “main issue was an expired certificate in the software versions installed with these customers”. Ericsson identified an issue in certain nodes in the core network resulting in network disturbances for a limited number of customers in multiple countries using two specific software versions of the SGSN–MME (Serving GPRS Support Node – Mobility Management Entity).
If this was a normal website certificate this would be quite easy to spot and fix, you would visit the website and see a certificate error, you could then click and view the certificate and see that it had expired. In this case the certificate was on some equipment that talks to O2’s network so to be fair it would not be directly obvious what the issue was.
Certificates are data files that digitally bind a cryptographic key to an organization’s details. When installed on a server or other equipment they activate and use the https protocol to allows secure connections from one server or system to another.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.