Facebook’s Tor gateway will be out of commission for a week or two after a TLS certificate expired.
“Our onion service, facebookcorewwwi.onion, is temporarily unavailable while we await renewal of our TLS certificate. In the meantime, Facebook is still accessible via facebook.com using Tor Browser,” the company posted on the Facebook Over Tor page.
The social media company unveiled the dedicated Tor address in 2014 so Tor users could access Facebook without being locked out of their accounts.
While the announcement prompted speculation that the lengthy downtime portends something more ominous, “the reality is that most companies experience what is happening with Facebook all the time, and it’s very common for it to take days, or even weeks, to renew TLS certificates,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “Most companies don’t have good visibility into every certificate they are using and where they are installed. To make matters worse, when something like this happens, replacing certificates is often a manual process, so human error is frequently a key contributor to slow recovery times.”
Noting that “TLS keys and certificates serve as machine identities” that “secure and protect nearly every transaction in our global digital economy,” Bocek said, “it’s only when certificates for high-profile applications or services expire the impact becomes really visible.”