Users attempting to access subdirectories on the Statistics Canada website (https://www.statcan.gc.ca/en) have been met with frustration and confusion. Since yesterday, December 9, 2023, a significant portion of the site, specifically the subdirectories following https://www150.statcan.gc.ca/ has been rendered inaccessible. Users are encountering a disconcerting message stating, “This Connection Is Not Private” or “Website certificate revoked.” Despite the disruption, there has been no official announcement or acknowledgment from Statistics Canada officials.

Understanding “Website Certificate Revoked”: A website certificate, also known as an SSL/TLS certificate, is a crucial component of secure internet communication. It ensures that data transmitted between a user’s browser and the website’s server is encrypted and secure. When a website certificate is revoked, it means that the certificate authority (CA) has invalidated the certificate before its expiration date.

SSL Labs, a reputable source for assessing website security, highlights various reasons why a certificate may not be trusted, categorizing issues into three main groups:

Invalid Certificate:
- Activation and Expiry Issues: Certificates used before their activation date or after expiry are considered invalid.
- Hostname Mismatch: Certificates must match the site hostname to be valid.
- Revocation: Certificates that have been revoked due to security concerns will not be trusted.
- Insecure Signature: Certificates with insecure signatures are flagged as invalid.
- Blacklisting: Certificates may be invalidated if they are on a blacklist.
Invalid Configuration:
- Incomplete Certificate Chain: The certificate chain must contain all necessary certificates to connect the web server certificate to a root certificate in the trust store.
- Expired Certificates in Chain: If any certificate in the chain, excluding the web server certificate, has expired, it invalidates the entire chain.
Unknown Certificate Authority:
- Trust is established by having the root certificate of the signing Certificate Authority (CA) in the trust store.
- SSL Labs relies on the trust store maintained by Mozilla. If a web site is marked as not trusted, it means that the average web user’s browser will not trust it either.
Interoperability Issues:
- Trust may be hindered by interoperability issues between SSL Labs’ code and the server’s code or configuration.
- SSL Labs manually reviews such cases, acknowledging the difficulty in troubleshooting these problems.

The subdirectories beyond https://www.150.statcan.gc.ca/ are essential components of the website’s structure, housing specific datasets, reports, and information. The inability to access these subdirectories significantly hampers users’ ability to retrieve detailed statistical information, leading to frustration and inconvenience. Also, it raises concerns about the security of the sensitive data hosted on the website, especially given Statistics Canada’s role in providing crucial statistical information to the public.

As the public awaits an official response, the incident underscores the importance of transparent communication in the face of cybersecurity issues that impact critical government websites. Users and stakeholders deserve timely and accurate information to restore confidence in the security and accessibility of Statistics Canada’s valuable statistical resources.