Cloudflare Addresses Unauthorized TLS Certificate Issuance for 1.1.1.1
September 4, 2025 – Cloudflare has today published a detailed account of an incident involving the unauthorized issuance of multiple Transport Layer Security (TLS) certificates for its popular public DNS resolver, 1.1.1.1. The company has assured users that this issue has been fully addressed and that no user data or services were compromised.
In their blog post, “Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1,” published at 17:30 UTC on September 4, 2025, Cloudflare outlined the timeline and technical details surrounding the discovery and resolution of this event.
What Happened?
The incident stemmed from an interaction with a third-party certificate authority (CA). Cloudflare detailed how an unauthorized party was able to convince the CA to issue TLS certificates for domains under the 1.1.1.1 namespace. These certificates are crucial for securing encrypted connections to online services, ensuring the privacy and integrity of data exchanged.
Cloudflare’s Swift Response
Upon discovering the unauthorized certificates, Cloudflare acted with urgency. Their security teams immediately initiated a thorough investigation to understand the scope of the issue and the methods used by the unauthorized actor. Critically, they also took immediate steps to revoke all improperly issued certificates, effectively neutralizing any potential risk.
Furthermore, Cloudflare has reported the incident to the relevant authorities and is working closely with the compromised CA to prevent similar occurrences in the future. This collaborative approach is vital for maintaining the trust and security of the broader internet ecosystem.
No Impact on Users
A key takeaway from Cloudflare’s announcement is the assurance that this incident did not impact the availability or security of the 1.1.1.1 DNS service for end-users. Cloudflare’s robust security infrastructure and prompt response mechanisms ensured that this event did not lead to any disruption or compromise of user data. The company emphasized that the unauthorized certificates were for internal domains and not those directly accessible by end-users for DNS resolution, further mitigating any potential direct impact.
Strengthening Future Security
Cloudflare has stated that they are implementing additional safeguards and reviewing their internal processes to further enhance their security posture. This commitment to continuous improvement reflects their dedication to protecting their users and the services they rely upon. The company also reiterated its commitment to transparency by sharing this information publicly.
This incident serves as a reminder of the constant vigilance required in cybersecurity. Cloudflare’s proactive communication and swift resolution demonstrate their commitment to maintaining the trust and security of their global user base.
Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1
AI has delivered the news.
The answer to the following question is obtained from Google Gemini.
Cloudflare published ‘Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1’ at 2025-09-04 17:30. Please write a detailed article about this news in a polite tone with relevant information. Please reply in English with the article only.