Certificate Watch Demonstrating that Microsoft is not alone in its inability to keep track of certificates is UK power market biz Elexon.
Elexon is an important cog in the UK’s wholesale electricity market machine and provides operational data via its Insight Solution platform. Want to know the balance of fuel types used in power generation? No problem – there’s a report for that. Perhaps you’re curious about demand and reserves? Again, no problem – there is useful data available to plot when demand might exceed supply.
There’s also a handy API for users who want to roll their own dashboards or use the organization’s data in their planning.
Or there would be if it weren’t for a pesky expired TLS certificate.
An eagle-eyed Register reader spotted the problem when accessing data.elexon.co.uk, noting that Elexon’s servers appeared to be having a liedown due to the expired certificate. A glance at the certificate indicates that it was valid until July 8, 2024. By July 9, however, it’s a different story.
While getting a certificate warning is an inconvenience on the browser, receiving the same from an API service can render many integrations inoperative since, quite correctly, an invalid certificate means the connection is not secure, and the data transmitted on it could be modified or stolen.
According to Elexon, Insights Solution is “the primary channel for providing operational data relating to the GB Electricity Balancing and Settlement arrangements.”
Furthermore, “It is used extensively by market participants to help make trading decisions and understanding market dynamics and acts as a prompt reporting platform as well as a means of accessing historic data.”
It’s heady stuff, but amid all the demand forecasting, the organization appears to have forgotten to forecast when its TLS certificate will expire.
We contacted Elexon to find out how the certificate came to be expired, and what steps the outfit took to resolve the situation and ensure it would not be repeated. We have yet to receive a response, but we noted that the certificate had been quietly renewed during the lunch period.
s
So, only half a day of outage. Hopefully, the UK’s electricity providers won’t follow suit.
Expiring certificates are the bane of an integrator’s life, and it appears that no organization is immune from the chaos that can come from failing to maintain a spreadsheet with a list of dates.
We’re prepared to do our bit to make the online world a safer place, so if you stumble across an example of an expired certificate where one should not be, please email your findings to Vulture Central for inclusion in Certificate Watch ®.
 
 