The 2015 incident involving a fake SSL certificate from MCS Holdings and Google serves as a valuable lesson in internet security and certificate management. While the event is historical, the principles it illustrates remain highly relevant today. This page is designed for educational purposes, helping businesses understand the risks associated with misissued SSL/TLS certificates and the importance of maintaining strong cybersecurity practices.
At Cortec IT Solutions, we use such examples to emphasise why modern IT security measures, including trusted SSL certificates, certificate monitoring, and secure network practices, are critical for protecting your business. Even years later, the lessons from historical SSL incidents continue to inform our approach to keeping companies in Kent and the South East secure online, ensuring that encrypted traffic is trustworthy and your systems remain resilient against potential threats.
What Businesses Need to Know About Historical Fake SSL Certificates
SSL certificates are the backbone of secure internet communication, ensuring data between your website and visitors remains private and protected. Occasionally, unauthorised or misissued certificates make headlines, reminding businesses of the importance of proper SSL/TLS management.
It occurred in 2015, when the Egyptian company MCS Holdings issued unauthorised intermediate certificates for some Google domains. While Chrome and Firefox were able to detect these dodgy certificates and block access, other browsers may have been vulnerable, potentially exposing sensitive data such as passwords and emails. Google quickly resolved the issue, and no evidence of abuse was reported.
Although this incident is historical, it highlights ongoing risks: fake or misissued certificates can allow attackers to intercept encrypted traffic, impersonate websites, or compromise sensitive Information if organisations aren’t vigilant. Today, certificate authorities are audited more rigorously, and modern browsers employ techniques such as certificate pinning and certificate transparency logs to detect and block suspicious certificates automatically.
What businesses can do today:
-
Always use SSL certificates from trusted certificate authorities.
-
Monitor certificates for your domains regularly using tools that track validity and authenticity.
-
Educate staff about phishing and fake websites, as attackers may attempt to exploit trust in certificates.
-
Consider professional IT support and security audits to ensure your systems are protected against current threats.
At Cortec IT Solutions, we help businesses in Kent and the South East manage their IT securely, including SSL certificate monitoring, network security, and ongoing IT support. Protect your business today by ensuring your online communication is safe and trusted. Explore our IT Support Kent services to learn how we can safeguard your digital infrastructure.
Source: Historical SSL incident involving MCS Holdings and Google (2015).
This content has been updated to reflect current best practices and IT security guidance as of November 2025.
