Microsoft Site Showing Warning Following Certificate Expiry
Cybersecurity NewsArchived Jun 15, 2026✓ Full text saved
Microsoft seems to have failed certificate management after a domain used by sysadmins globally to test connectivity to Microsoft 365 started generating untrusted connection warnings in browsers on Monday. The connectivity.office.com domain a widely relied-upon tool for IT professionals to verify their network’s connectivity to Microsoft 365 and confirm that firewalls aren’t silently blocking critical […] The post Microsoft Site Showing Warning Following Certificate Expiry appeared first on Cybe
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security
Microsoft Site Showing Warning Following Certificate Expiry
By Guru Baran
June 15, 2026
Microsoft seems to have failed certificate management after a domain used by sysadmins globally to test connectivity to Microsoft 365 started generating untrusted connection warnings in browsers on Monday.
The connectivity.office.com domain a widely relied-upon tool for IT professionals to verify their network’s connectivity to Microsoft 365 and confirm that firewalls aren’t silently blocking critical Microsoft services, is now displaying a NET::ERR_CERT_DATE_INVALID error in Chromium-based browsers.
The certificate, issued by Microsoft Azure RSA TLS Issuing CA 07, expired on Sunday, June 14, 2026, at 08:38:02 UTC, having last been renewed on December 16, 2025, meaning it carried only a six-month validity window that Microsoft failed to renew in time.
The certificate viewer confirms the domain is owned by Microsoft Corporation, with the TLS certificate having a SHA-256 fingerprint of c52ca2abaffcb192ef02ff7c131504d32b0311024c4ec7f8a439c44f17347baa.
An SSL server report retrieved Monday confirmed the lapse, showing the certificate was valid for exactly 180 days before expiring without renewal. The browser warning explicitly states: “This server could not prove that it is connectivity.office.com; its security certificate expired 2 days ago.”
The connectivity.office.com domain is specifically designed to help enterprise IT teams and network engineers diagnose Microsoft 365 connectivity issues — testing whether firewalls, proxies, or network appliances are interfering with traffic to Microsoft servers.
With the certificate now expired, browsers flag the site as untrusted, and any automated tooling or scripts relying on HTTPS connections to this endpoint may fail silently or throw certificate validation errors, breaking diagnostic workflows.
Organizations that use this endpoint in network health checks or onboarding verification scripts are directly affected.
This incident is particularly embarrassing given Microsoft’s concurrent push around certificate hygiene; the company is actively urging enterprise customers to renew aging 2011-era Secure Boot certificates ahead of their own June–October 2026 expiry schedule.
Allowing a publicly facing, IT-critical domain’s TLS certificate to lapse contrasts with that guidance. Certificate lifecycle management failures are among the most preventable security misconfigurations, and automated renewal systems, which Microsoft itself promotes through Azure, exist precisely to prevent such lapses.
Microsoft has not yet issued a public statement regarding the expired certificate as of the time of writing. The company is expected to renew the certificate imminently, given the affected domain’s operational visibility.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Guru Baranhttps://cybersecuritynews.com
Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments.
Trending News
PoC Exploit Released for Guest-to-Host Escape Linux Kernel Vulnerability
Critical Veeam Vulnerability Allows RCE Attacks on Backup Servers
SHEETCREEP C# RAT Abuses Google Sheets API as C2 to Target Diplomatic Organizations
Fortinet FortiSandbox Vulnerability Allows Attackers to Execute Unauthorized Commands
New Shai-Hulud Attack Compromises 23 PyPI Packages to Target MCP Developers
Latest News
Cyber Security News
SHADOWBYT3$ Allegedly Claim Breach of Nintendo, Stealing Sensitive Data
AI
Anthropic Updated Privacy Policy to Include Identity Verification for Claude Users
Cyber Security News
Critical Microsoft 365 Copilot Vulnerability Allows Attackers to Steal Data in One Click
Cyber Security News
Hackers Use Microsoft Graph Reconnaissance to Target Payroll and HR Employees
Cyber Security News
China-Nexus Hackers Use Backdoored PAM Modules for Credential Theft and Authentication Bypass