Russia establishes its own TLS certificate authority to ensure the trust of its website

Governments and private companies have announced numerous sanctions against Russia, which continues to invade Ukraine, and the Internet environment will also be affected, as Internet providers with the largest and second shares in Russia announce the suspension of services one after another. It's starting to appear. Due to sanctions, digital certificates cannot be renewed in Russia, and Russia's own TLS certificate authority has been established to solve this problem. Several websites that have already been certified by a proprietary certificate authority have appeared, and there are concerns about the interception of communications by Russia.

Russia creates its own TLS certificate authority to bypass sanctions
https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/

On the modern Internet, many websites use encryption methods such as SSL and TLS to encrypt communications, and website operators issue digital certificates from certificate authorities to enable encrypted communications. I have received it. This digital certificate needs to be renewed on a regular basis, but Russia is subject to a number of internet-related sanctions, and many websites have made digital certificates unrenewable.

If you access a website whose digital certificate has not been renewed correctly with a modern browser such as Microsoft Edge, Google Chrome, or Firefox, a 'security problem' warning screen will be displayed.

To solve the above problems, Russian public service platform ' Gosuslugi ' has announced the establishment of its own certificate authority. According to overseas media Bleeping Computer, Russia's unique certificate is actually used on websites such as Sberbank, VTB, Central Bank of Russia as of March 10, 2022.

In general, it takes a long time for a new certificate authority to gain trust. However, the products of Russian companies such as Yandex already treat Russia's own certificate authority as a 'reliable certificate authority'.

'It is possible to exploit Russia's proprietary digital certificates to intercept encrypted communications and perform man-in-the-middle attacks,' Bleeping Computer said. 'Russia is not trusted at all at this time, so it is unlikely that major browsers will add the certificate of Russia's own certificate authority to the permit list,' he said.