Russian Pushing New State-run TLS Certificate Authority to Deal With Sanctions

The Russian government has established its own TLS certificate authority (CA) to address issues with accessing websites that have arisen in the wake of sanctions imposed by the west following the country’s unprovoked military invasion of Ukraine.

According to a message posted on the Gosuslugi public services portal, the Ministry of Digital Development is expected to provide a domestic replacement to handle the issuance and renewal of TLS certificates should they get revoked or expired.

The service is offered to all legal entities operating in Russia, with the certificates delivered to site owners upon request within 5 working days.

TLS certificates are used to digitally bind a cryptographic key to an organization’s details, enabling web browsers to confirm the domain’s authenticity and ensure that the communication between a client computer and the target website is secure.

The proposal comes as companies like DigiCert have been restricted from doing business in Russia following sanctions by Western nations. Cybersecurity firms AvastESETFortinet, and Imperva have also suspended operations in Russia and Belarus over the Kremlin’s invasion of Ukraine.

“In response to the evolving geopolitical situation in Ukraine, DigiCert is pausing issuance and re-issuance of all certificate types affiliated with Russia and Belarus. This includes suspending issuance and re-issuance of certificates to TLDs related to Russia and Belarus, as well as to organizations with addresses in Russia or Belarus,” the public key infrastructure (PKI) provider noted in an advisory.

This includes suspending issuance and reissuance of certificates to top-level domains (TLDs) related to Russia and Belarus, counting .by, .moscow, .ru,,, .su, .tatar, .бел, .москва, .рус, and .рф.

What’s not clear is whether web browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari, intend to accept the certificates issued by the new Russian certificate authority so that safe connections to the certified servers Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *