
1 - 20 of 21 Posts

·
Registered
Joined
·
1,956 Posts
Discussion Starter #1
well, sort of.

They let their SSL certificate expire on their web site. As such, nobody with a decent web browser will be able to top up their account, or look at their charger map without jumping through hoops to weaken their security, and I guess that their mythical mobile phone app will refuse to work as well (I've never seen it, since I don't have an iPhone).

I've emailed them, but there's no response. It's been down since Friday.
 

·
Registered
Joined
·
3,308 Posts
Genius! You got to love these technology firms ;)
 

·
Registered
Joined
·
1,324 Posts
That's what the 10 minutes was for :p

The process is pretty automated these days with most providers, especially if you're just renewing a cert you already have.

That said, the process of reminders about expiry is pretty automated too.. they must have been asleep at the wheel not to notice.
 

·
Registered
Joined
·
1,956 Posts
Discussion Starter #13
I've worked on legacy systems before where there was no handover from the previous maintainer, no documentation, and renewing certificates was bogged down in big corporate red tape to get every purchase request to go out to competitive tender, even for what is, in effect, an ongoing subscription. What should have been a 10-minute job turned into a three-month process. It then transpired that the certificate needed to be loaded into three different application frameworks on the same host, all undocumented, with different certificate formats required, and of course, the application support contract with the application vendor hadn't been renewed in years; even if it had, they had staff churn and no documentation either.

These days, there's Let's Encrypt / certbot, which on some platforms just does it all, or at least can easily script the renewal process, and for many systems, is good enough.

Moral of the story, even if you think you're going to be the only person looking after a system, document what you've done and how to look after it, including the process for renewing 'consumables' like SSL certificates. Don't accept systems into production without such documentation.
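
The post above describes one host carrying the same certificate in several application frameworks, each in a different format. As an added example (not part of the original thread), this script classifies every certificate copy it is given by expiry using `openssl x509 -checkend`; the function names and the 30-day `WARN_DAYS` default are assumptions.

```shell
#!/bin/sh
# Added example: classify each certificate copy on a host by expiry.
# WARN_DAYS (assumed default: 30) is the warning window before expiry.
WARN_DAYS=${WARN_DAYS:-30}

# Print the -inform value (PEM or DER) that openssl accepts for FILE; fail if neither.
cert_format() {
    for fmt in PEM DER; do
        if openssl x509 -in "$1" -inform "$fmt" -noout >/dev/null 2>&1; then
            echo "$fmt"
            return 0
        fi
    done
    return 1
}

# Print OK, EXPIRING (inside the warning window), EXPIRED or UNREADABLE.
cert_status() {
    file=$1
    days=${2:-$WARN_DAYS}
    fmt=$(cert_format "$file") || { echo UNREADABLE; return 0; }
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$file" -inform "$fmt" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$file" -inform "$fmt" -noout \
            -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# Report every path given; return non-zero if any copy needs attention.
check_all() {
    rc=0
    for f in "$@"; do
        s=$(cert_status "$f")
        printf '%-10s %s\n' "$s" "$f"
        [ "$s" = OK ] || rc=1
    done
    return $rc
}

# Stand-alone use: pass every certificate path the host's applications load.
if [ "$#" -gt 0 ]; then
    check_all "$@"
fi
```

Run from cron with the documented list of certificate paths, the non-zero exit status can drive an alert well before any single copy lapses.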
 

·
Registered
Joined
·
356 Posts
Let's not even mention HPKP policies..

They probably don't implement it though..
 

·
42k miles on public charging. Am I an expert yet?
Joined
·
2,613 Posts
And people here want these companies to be processing credit and debit card payments from remote terminals.........:eek:

I'll stick to an account that's settled monthly, linked to an RFID card, thanks! That way at least there's a vague hope of security...
 