Microsoft has spent more than $15 billion building one of the largest global cloud computing infrastructures. An SSL certificate can be had for as little as $70 a year from a commercial certificate authority, or can be effectively free if you issue your own, as Microsoft does.
So how did an expired SSL certificate crash the Windows Azure storage cloud computing platform Friday and Saturday? It’s an expensive question for Microsoft.
“Given the scope of the outage, we will proactively provide credits to impacted customers in accordance with our SLA,” wrote Steven Martin, General Manager of Windows Azure Business & Operations, in a blog post. “The credit will be reflected on a subsequent invoice.”
The global outage for encrypted storage traffic began Friday at 12:44 PM PST, and services were restored to 99% worldwide by 1:00 AM PST on Saturday. Full availability wasn’t restored until 8:00 PM PST Saturday, placing the outage duration at 12 hours for most users but as much as 24 hours of impact for some. Up to 52 different Microsoft services reported performance problems during the outage, including Xbox Live.
“Windows Azure Storage experienced a worldwide outage impacting HTTPS traffic due to an expired SSL certificate,” Martin reported. “HTTP traffic was unaffected but the event impacted a number of Windows Azure services that are dependent on Storage.”
This marks the second time in a year in which Microsoft has issued a service credit for problems associated with an SSL certificate. Last Feb. 29 a “Leap Year Bug” triggered a date-related bug with a security certificate. The incident left Azure customers unable to manage their applications for about 8 hours and knocked Azure-based services offline for some North American users.