Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Certificate Errors in Office 365 Today - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Certificate Errors in Office 365 Today

It looks like there's a mis-assignment of certificates today at Office 365.  After login, the redirect to portal.office.com reports the following error:

portal.office.com uses an invalid security certificate.

The certificate is only valid for the following names: *.bing.com, *.platform.bing.com, bing.com, ieonline.microsoft.com, *.windowssearch.com, cn.ieonline.microsoft.com, *.origin.bing.com, *.mm.bing.net, *.api.bing.com, ecn.dev.virtualearth.net, *.cn.bing.net, *.cn.bing.com, *.ssl.bing.com, *.appex.bing.com, *.platform.cn.bing.com

 

Hopefully they'll have this resolved quickly.  Thanks to our reader John for the heads-up on this!

======================================================
UPDATE (4pm EST)

Looks like this has been resolved

===============
Rob VandenBrink
Metafore

Rob VandenBrink

497 Posts
ISC Handler
It works fine for me right now.
Patk7

9 Posts
Oh nevermind, now I get the error. Weird.
Patk7

9 Posts
Quoting Patk7:It works fine for me right now.


Ditto, just did a remote session for someone after all MS, Flash.. updates.. Flawless.

Quoting Patk7:Oh nevermind, now I get the error. Weird.


If I hear back with a problem, will submit differently.. Personally I do not use the product.. but do a security check of my customers after updates or something posted here that is not good.
ICI2Eye

52 Posts
I'm on that all day and I haven't seen any errors. It can't be global to the system.

Perhaps it's related to the ongoing work restoring admin role: https://portal.office.com/servicestatus/ServiceStatusDetails.aspx?ids=MO8197&type=0&xid=bUV%2fbEkWLQofjDfo7PDfT2YjC51BH%2bxGwy%2bbNgumvlo%3d
Larry Seltzer

25 Posts
I find that if I refresh the page 3 times, the problem disappears.

At first, I get a certificate error for https://portal.office.com/ . At this time, the ceriticate is as follows:
- certificate name is:
CN = *.bing.com
- other names is:
Nom DNS=*.bing.com
Nom DNS=*.platform.bing.com
Nom DNS=bing.com
Nom DNS=ieonline.microsoft.com
Nom DNS=*.windowssearch.com
Nom DNS=cn.ieonline.microsoft.com
Nom DNS=*.origin.bing.com
Nom DNS=*.mm.bing.net
Nom DNS=*.api.bing.com
Nom DNS=ecn.dev.virtualearth.net
Nom DNS=*.cn.bing.net
Nom DNS=*.cn.bing.com
Nom DNS=*.ssl.bing.com
Nom DNS=*.appex.bing.com
Nom DNS=*.platform.cn.bing.com

After I hit refresh three times, I'm redirected to login.microsoftonline.com. But if I go back to https://portal.office.com, the error disappears, and the certificate is as follows:
- certificate name is:
CN = portal.office.com
OU = Microsoft Corporation
O = Microsoft Corporation
L = Redmond
S = WA
C = US

- other names is:
Nom DNS=portal.office.com
Nom DNS=portal.microsoftonline.com
Nom DNS=portalprv.microsoftonline.com
Nom DNS=ncuportalprv.microsoftonline.com
Nom DNS=scuportalprv.microsoftonline.com
Nom DNS=wusportalprv.microsoftonline.com
Nom DNS=ncuportal.microsoftonline.com
Nom DNS=scuportal.microsoftonline.com
Nom DNS=neuportal.microsoftonline.com
Nom DNS=weuportal.microsoftonline.com
Nom DNS=seaportal.microsoftonline.com
Nom DNS=easportal.microsoftonline.com
Nom DNS=auth.office.com
Nom DNS=auth.microsoftonline.com
Nom DNS=authprv.microsoftonline.com
Nom DNS=ncuauthprv.microsoftonline.com
Nom DNS=scuauthprv.microsoftonline.com
Nom DNS=wusauthprv.microsoftonline.com
Nom DNS=ncuauth.microsoftonline.com
Nom DNS=scuauth.microsoftonline.com
Nom DNS=neuauth.microsoftonline.com
Nom DNS=weuauth.microsoftonline.com
Nom DNS=seaauth.microsoftonline.com
Nom DNS=easauth.microsoftonline.com
Nom DNS=ncuportal.office.com
Nom DNS=scuportal.office.com
Nom DNS=neuportal.office.com
Nom DNS=weuportal.office.com
Nom DNS=seaportal.office.com
Nom DNS=easportal.office.com
Nom DNS=ncuportalprv.office.com
Nom DNS=scuportalprv.office.com
Nom DNS=wusportalprv.office.com
Nom DNS=ncuauth.office.com
Nom DNS=scuauth.office.com
Nom DNS=neuauth.office.com
Nom DNS=weuauth.office.com
Nom DNS=seaauth.office.com
Nom DNS=easauth.office.com
Nom DNS=ncuauthprv.office.com
Nom DNS=scuauthprv.office.com
Nom DNS=wusauthprv.office.com
Patk7

9 Posts
They've confirmed the issue and appear to have fixed it:

"Closure Summary: On Thursday, July 10, 2014, at approximately 3:57 PM UTC, engineers identified an issue in which some customers may have encountered intermittent certificate errors when navigating to the Office 365 Customer Portal. Investigation determined that a recent update to the environment caused impact to a limited portion of capacity which is responsible for handling site certificate authorization. Engineers reconfigured settings to correct the underlying issue which mitigated impact. The issue was successfully fixed on Thursday, July 10, 2014, at 5:54 PM UTC. Upon analysis of the incident, service impact was determined to be limited. Next steps have been identified and will be implemented to ensure that the issue does not reoccur. Please consider this Closure Summary the final update on the event.

Customer Impact: Affected customers may have encountered intermittent certificate errors when navigating to the Office 365 Customer Portal.

Incident Start Time: Thursday, July 10, 2014, at 3:57 PM UTC
Incident End Time: Thursday, July 10, 2014, at 5:54 PM UTC

Preliminary Root Cause: A recent update to the environment caused impact to a limited portion of capacity which is responsible for handling site certificate authorization."
Patk7
1 Posts
I just ran across this post. We are seeing this issue (I think) with some of our terminal servers (running 2003).

Can you let me know if this is related to this issue?

Technical details

The certificate that Chrome received during this connection attempt is not formatted correctly, so Chrome cannot use it to protect your information.
Error type: Malformed certificate
Subject: portal.office.com
Issuer: Microsoft IT SSL SHA2
Public key hashes: sha1/qGh5TVuNCtqMIZjTetn+hKDy+0E= sha256/P4qPmyRP...............................................

We are only seeing this on 2003 machines. Started today.
Patk7
1 Posts

Sign Up for Free or Log In to start participating in the conversation!