Certificate Errors in Office 365 Today

Published: 2014-07-10. Last Updated: 2014-07-10 20:04:34 UTC
by Rob VandenBrink (Version: 2)
7 comment(s)

It looks like there's a mis-assignment of certificates today at Office 365.  After login, the redirect to portal.office.com reports the following error:

portal.office.com uses an invalid security certificate.

The certificate is only valid for the following names: *.bing.com, *.platform.bing.com, bing.com, ieonline.microsoft.com, *.windowssearch.com, cn.ieonline.microsoft.com, *.origin.bing.com, *.mm.bing.net, *.api.bing.com, ecn.dev.virtualearth.net, *.cn.bing.net, *.cn.bing.com, *.ssl.bing.com, *.appex.bing.com, *.platform.cn.bing.com

 

Hopefully they'll have this resolved quickly.  Thanks to our reader John for the heads-up on this!

======================================================
UPDATE (4pm EST)

Looks like this has been resolved - note from Microsoft:

Closure Summary: On Thursday, July 10, 2014, at approximately 3:57 AM UTC, engineers identified an issue in which some customers may have encountered intermittent certificate errors when navigating to the Office 365 Customer Portal. Investigation determined that a recent update to the environment caused impact to a limited portion of capacity which is responsible for handling site certificate authorization. Engineers reconfigured settings to correct the underlying issue which mitigated impact. The issue was successfully fixed on Thursday, July 10, 2014, at 5:54 PM UTC.

Great job guys - thanks much !

===============
Rob VandenBrink
Metafore

Keywords: Office 365
7 comment(s)

Comments

It works fine for me right now.
Oh nevermind, now I get the error. Weird.
[quote=comment#31421]It works fine for me right now.[/quote]

Ditto, just did a remote session for someone after all MS, Flash.. updates.. Flawless.

[quote=comment#31423]Oh nevermind, now I get the error. Weird.[/quote]

If I hear back with a problem, will submit differently.. Personally I do not use the product.. but do a security check of my customers after updates or something posted here that is not good.
I'm on that all day and I haven't seen any errors. It can't be global to the system.

Perhaps it's related to the ongoing work restoring admin role: https://portal.office.com/servicestatus/ServiceStatusDetails.aspx?ids=MO8197&type=0&xid=bUV%2fbEkWLQofjDfo7PDfT2YjC51BH%2bxGwy%2bbNgumvlo%3d
I find that if I refresh the page 3 times, the problem disappears.

At first, I get a certificate error for https://portal.office.com/ . At this time, the ceriticate is as follows:
- certificate name is:
CN = *.bing.com
- other names is:
Nom DNS=*.bing.com
Nom DNS=*.platform.bing.com
Nom DNS=bing.com
Nom DNS=ieonline.microsoft.com
Nom DNS=*.windowssearch.com
Nom DNS=cn.ieonline.microsoft.com
Nom DNS=*.origin.bing.com
Nom DNS=*.mm.bing.net
Nom DNS=*.api.bing.com
Nom DNS=ecn.dev.virtualearth.net
Nom DNS=*.cn.bing.net
Nom DNS=*.cn.bing.com
Nom DNS=*.ssl.bing.com
Nom DNS=*.appex.bing.com
Nom DNS=*.platform.cn.bing.com

After I hit refresh three times, I'm redirected to login.microsoftonline.com. But if I go back to https://portal.office.com, the error disappears, and the certificate is as follows:
- certificate name is:
CN = portal.office.com
OU = Microsoft Corporation
O = Microsoft Corporation
L = Redmond
S = WA
C = US

- other names is:
Nom DNS=portal.office.com
Nom DNS=portal.microsoftonline.com
Nom DNS=portalprv.microsoftonline.com
Nom DNS=ncuportalprv.microsoftonline.com
Nom DNS=scuportalprv.microsoftonline.com
Nom DNS=wusportalprv.microsoftonline.com
Nom DNS=ncuportal.microsoftonline.com
Nom DNS=scuportal.microsoftonline.com
Nom DNS=neuportal.microsoftonline.com
Nom DNS=weuportal.microsoftonline.com
Nom DNS=seaportal.microsoftonline.com
Nom DNS=easportal.microsoftonline.com
Nom DNS=auth.office.com
Nom DNS=auth.microsoftonline.com
Nom DNS=authprv.microsoftonline.com
Nom DNS=ncuauthprv.microsoftonline.com
Nom DNS=scuauthprv.microsoftonline.com
Nom DNS=wusauthprv.microsoftonline.com
Nom DNS=ncuauth.microsoftonline.com
Nom DNS=scuauth.microsoftonline.com
Nom DNS=neuauth.microsoftonline.com
Nom DNS=weuauth.microsoftonline.com
Nom DNS=seaauth.microsoftonline.com
Nom DNS=easauth.microsoftonline.com
Nom DNS=ncuportal.office.com
Nom DNS=scuportal.office.com
Nom DNS=neuportal.office.com
Nom DNS=weuportal.office.com
Nom DNS=seaportal.office.com
Nom DNS=easportal.office.com
Nom DNS=ncuportalprv.office.com
Nom DNS=scuportalprv.office.com
Nom DNS=wusportalprv.office.com
Nom DNS=ncuauth.office.com
Nom DNS=scuauth.office.com
Nom DNS=neuauth.office.com
Nom DNS=weuauth.office.com
Nom DNS=seaauth.office.com
Nom DNS=easauth.office.com
Nom DNS=ncuauthprv.office.com
Nom DNS=scuauthprv.office.com
Nom DNS=wusauthprv.office.com
They've confirmed the issue and appear to have fixed it:

"Closure Summary: On Thursday, July 10, 2014, at approximately 3:57 PM UTC, engineers identified an issue in which some customers may have encountered intermittent certificate errors when navigating to the Office 365 Customer Portal. Investigation determined that a recent update to the environment caused impact to a limited portion of capacity which is responsible for handling site certificate authorization. Engineers reconfigured settings to correct the underlying issue which mitigated impact. The issue was successfully fixed on Thursday, July 10, 2014, at 5:54 PM UTC. Upon analysis of the incident, service impact was determined to be limited. Next steps have been identified and will be implemented to ensure that the issue does not reoccur. Please consider this Closure Summary the final update on the event.

Customer Impact: Affected customers may have encountered intermittent certificate errors when navigating to the Office 365 Customer Portal.

Incident Start Time: Thursday, July 10, 2014, at 3:57 PM UTC
Incident End Time: Thursday, July 10, 2014, at 5:54 PM UTC

Preliminary Root Cause: A recent update to the environment caused impact to a limited portion of capacity which is responsible for handling site certificate authorization."
I just ran across this post. We are seeing this issue (I think) with some of our terminal servers (running 2003).

Can you let me know if this is related to this issue?

Technical details

The certificate that Chrome received during this connection attempt is not formatted correctly, so Chrome cannot use it to protect your information.
Error type: Malformed certificate
Subject: portal.office.com
Issuer: Microsoft IT SSL SHA2
Public key hashes: sha1/qGh5TVuNCtqMIZjTetn+hKDy+0E= sha256/P4qPmyRP...............................................

We are only seeing this on 2003 machines. Started today.

Diary Archives