In recent weeks we have seen a large number of sanctions and blockades on Russia and its economy. That also affects the Internet, everything related to the network. One of the problems is that the sanctions prevent the renewal of TLS certificates to verify that a website is secure and, therefore, can be opened with the main browsers without problems. Now Russia has decided to create its own Certification Authority to bypass these blocks.
Russia creates its own TLS certificate
TLS certificates are basically used by a browser, such as Chrome or Firefox, to confirm that the website belongs to a verified entity, it is safe and the exchange of information is going to be encrypted. Very useful for, for example, logging in, making a purchase or sending any type of sensitive data.
Sanctions imposed by companies and governments in many countries around the world prevent Russian websites from renewing existing TLS certificates. This means that they will expire when the date arrives and they will stop working. If they don’t renew them, browsers will block access or warn that we are entering a dangerous page.
Russia has maneuvered to try to avoid this type of problem and that its web pages are not blocked or at least that message indicating that they are dangerous does not appear. For this, it has decided to create its own Certification Authorization. The goal is to replace foreign certificates when they expire.
At the moment there are already some sites that are starting to use these certificates. For example banks like Sberbank, VTB or the Russian Central Bank. It is to be hoped that little by little it will spread to different Russian media, companies and organizations.
Operation and security problems
But not everything is as simple or beautiful as it may seem. The truth is that at the moment only the Russia-based Yandex browser and Atom products recognize these TLS certificates. This means that if someone enters from Google Chrome, Mozilla Firefox or any other program, it will indicate that this website is not secure.
From Russia they are recommending to stop using these browsers and start using Yandex. The thing is that users can manually add the Russian certificate in browsers like Chrome or Firefox. And here begins the problem of security that can affect.
Russia could use its CA certificate to intercept HTTPS traffic. That is, he could perform a Man in the Middle attack. It could steal personal information when a user logs in, bank details, passwords… Basically everything that this type of security certification protects.
Keep in mind that certification authorities globally are based on security. They do not act for criminal purposes and there is a very exhaustive control. But of course, in the times we live in and the fact that Russia generates its own TLS certificates, anything can happen and they could be used for the type of attacks we mentioned.
In addition, according to some users in internet forumshave received emails from the Russian government indicating that in order to access certain websites they have to download and install a browser that is compatible with those certificates (Yandex) and install them.
In short, to avoid blocking websites and making them unavailable when the TLS certificate expires, Russia has decided to create its own Certification Authority. However, as you have seen so far, very few browsers recognize it and it can even be a security problem.
