Russia creates its own TLS certificate authority to bypass sanctions

Russia has created its own Transport Layer Security (TLS) certificate authority (CA) to help bypass website access issues caused by the sanctions. To provide context a TLS certificate allows a web browser to confirm that a domain is a verified entity and that there is encryption between the user and the server. Once certificates expire, browsers will display warnings that the pages are not secure. 

The domestic certificate authority will replace the foreign security certificate if it is revoked or expires, explained the Russian public service portal, Gosuslugi. The only web browsers that currently recognize the new CA as trustworthy are the Yandex browser and Atom products, and users are advised to utilise these instead. Users of other browsers will need to manually add the new certificate in order to continue surfing Russian sites (that have the certificate).

Russian authorities have already started recommending the transition to the new CA, and so far it has been confirmed that the sites of Sberbank, VTB, and the Russian Central Bank use these certificates.

Experts argue that the Russian certificate will not be on the list of approved certificates for most browsers, which would ultimately mean blocked access to sites that feature the new certificate. Experts also caution that CA root certificates could be abused by Russia to perform HTTPS traffic interception and man-in-the-middle attacks.