Russia loses digital site passports: why this is dangerous for users in Israel

GlobalSign has begun gradually revoking some SSL/TLS certificates previously issued to Russian companies. For Israel, this is not a direct threat to internet infrastructure, but an important signal for Russian-speaking users, businesses, and everyone who continues to use Russian banks, government services, and online services.

GlobalSign has started revoking SSL certificates from Russian companies: how this might affect Israel

The certification authority GlobalSign, owned by the Japanese GMO Internet Group, has begun the process of forcibly revoking some SSL/TLS certificates previously issued to Russian companies. This was reported by RBC with reference to a letter from the head of the Russian division of the company “GMO Global Sign Russia,” Dmitry Ryzhikov, to partners.

According to the publication, the revocation began gradually on the morning of June 13, 2026. Technically, it concerns certificates that allow websites to operate through a secure connection https://. In a political-technological sense, this is another sign that the Russian internet is increasingly separating from the global digital trust system.

The reason cited is the updated requirements of the international consortium CA/Browser Forum. This structure sets rules for certification authorities and browsers. The new regulations require taking into account international sanction restrictions and checking clients against sanction lists.

For the average user, this sounds complicated, but the essence is simple: if a site uses a certificate that the browser no longer trusts, a person may see a warning “connection not secure”, “your connection is not private”, or may not be able to access the desired resource at all.

What is GlobalSign and why is it important

GlobalSign is one of the major international certification centers. Such companies issue SSL/TLS certificates to websites. They can be called digital passports for websites.

When a user opens a site, the browser checks whether the certificate is valid, who issued it, whether it has been revoked, and whether it matches the domain. If everything is in order, the site opens through https://, and the connection is considered secure. If the certificate is revoked, the browser stops trusting the connection.

This is especially important for banks, government services, personal accounts, payment systems, corporate portals, and applications where the user enters logins, passwords, documents, financial or personal data.

GlobalSign is not a free mass service like Let’s Encrypt. It is a commercial provider often used by large companies, banks, hosting providers, corporate clients, and infrastructure services. Therefore, the revocation of such certificates can be more painful than a regular technical error on a small site.

Which Russian sites might have been affected

There is no complete official list of Russian sites whose GlobalSign certificates are being revoked at the time of publication. This is an important detail: it cannot be asserted that all major Russian sites simultaneously lost accessibility.

However, well-known Russian resources and services where GlobalSign was used or recently noted were mentioned in public technical checks and reports around this story. Examples included T-Bank, Rosselkhozbank, MAX, certain services of Gosuslugi, some government and infrastructure domains, as well as resources of registrars and hosting providers.

But this list should be read with caution. Certificates can be quickly replaced. Some sites may switch to other international centers, some to Russian certificates, and some to temporary technical solutions. Therefore, the correct formulation is: GlobalSign was used or recently noted on a number of well-known Russian resources, but the current status of each site needs to be checked separately.

According to estimates from sources in the hosting provider market, tens of thousands of domains may be at risk. However, this does not concern the entire Russian internet, but a part of Russian clients of GlobalSign.

Why this is not just “a site broke”

SSL/TLS certificate is not a decorative detail. It is part of the basic trust system on the internet.

A site can physically work. The server can respond. The domain can be active. But if the browser sees that the certificate is revoked or invalid, it warns the user: this connection cannot be trusted.

For banks and government services, this is critical. A user may not understand what happened and decide that they are being blocked by the browser, internet provider, or the application itself. In reality, the problem may be that the international trust system no longer recognizes a specific certificate.

That is why the GlobalSign story is more important than it seems. It is not just news for system administrators. It is a story about who in the modern internet has the right to confirm the authenticity of websites.

How this might affect Israel

For Israel, the revocation of GlobalSign certificates from Russian companies is not a direct threat to the national internet infrastructure. Israeli banks, government sites, medical funds, payment applications, and main online services should not be affected by this story if they are not connected to Russian sanctioned structures.

But there is indirect influence.

There is a large Russian-speaking audience living in Israel. Many people still use Russian banks, personal accounts, pension and tax services, government service sites, mail, operator accounts, real estate services, insurance platforms, or applications related to Russian documents and accounts.

If such a site loses a trusted international certificate, a user from Israel may see a security error or may not be able to log into their personal account. This can be especially painful for elderly immigrants, people with financial or document issues in Russia, and those who do not understand technical details.

NAnews — News of Israel notes: for the Israeli audience, this story is important not because it threatens Israeli sites directly, but because many Russian-speaking users in Israel are still connected to Russian digital services.

Business connections may also experience disruptions

Problems may also arise for those who work with Russian clients or documents. These can be lawyers, accountants, logisticians, consultants, travel and medical intermediaries, family specialists, translators, companies that help with document processing or accompany financial issues.

If a Russian bank, portal, account, or corporate resource stops opening normally in an international browser, it creates delays. Not because Israel blocks Russian sites, but because Russian sites become less compatible with the global digital infrastructure.

This is a fundamental difference. An Israeli user can be in Bat Yam, Haifa, Ashdod, Tel Aviv, or Jerusalem, using a regular Chrome, Safari, or Firefox — and encounter access problems to a Russian resource not due to Israeli restrictions, but because the certificate of this resource is no longer recognized as trusted.

Main risk: Russian root certificates

The most important part of this story for users in Israel is not the browser error itself, but possible bypass instructions.

Russia has been developing its own TLS certificate system through national certification authorities for several years. Russian sites may offer users to install a Russian root certificate, use a Russian browser, or change security settings so that the site opens without warnings.

For a user in Israel, this can be more dangerous than the temporary inability to open a site.

Root certificate is not an ordinary program or a simple update. It is an element that the device begins to trust at the system level. If a person installs such a certificate on a phone or computer where they have an Israeli bank, Bit, PayBox, Kupat Holim, work email, personal documents, and Israeli government services, they are essentially changing the trust model of their device.

This does not mean that every such certificate is automatically used for an attack. But it means that an ordinary user should not install such things without fully understanding the consequences.

For NAnews — News of Israel, the key takeaway is that digital security has become part of big politics today: war, sanctions, browsers, banks, and users’ personal phones are all linked into one trust system.

Why this creates grounds for fraudsters

In the wake of such news, fraudsters almost always become active. They may send messages in Russian with phrases like:

“Install a new certificate to access the bank”
“Your account is blocked due to certificate revocation”
“Download a secure browser”
“Update access to your personal account”
“Confirm login via link”
“Pass a security check”

For Russian-speaking users in Israel, this is especially dangerous. Fraudsters may use real news as a pretext for a phishing attack. A person hears that certificates are indeed being revoked, receives a message with “instructions,” and may believe that this is an official solution to the problem.

The main rule is simple: do not install certificates from Telegram, WhatsApp, SMS, emails, or unknown sites. Do not enter login and password after following a link from a message. Do not download “security updates” from unclear pages. If there is a problem with a bank or service, you should access it through the official app, official site, typed manually, or contact support at the number published on the official resource.

Russia’s digital isolation is deepening

The story with GlobalSign shows that sanctions against Russia work not only through banks, oil, technology exports, or military restrictions. They reach the basic layer of the modern internet — the trust between the site, browser, and user.

After the start of the full-scale war against Ukraine, Russia is gradually losing normal compatibility with global systems: payments, app stores, cloud services, technology licenses, equipment supplies, updates, and international digital tools.

Now the certificate system is also under threat. This does not mean that the Russian internet will disappear. It will seek workarounds, develop its own certification centers, move users to national solutions and Russian browsers. But for the outside world, such an internet becomes less convenient, less compatible, and less trusted.

For Israel, this is an important signal. A technological country that lives in a global cybersecurity system should be attentive to any attempts to draw users into alternative trust systems, especially if it concerns services of a country under international sanctions and waging war against Ukraine.

What users in Israel should do

There is no need to panic. The Israeli internet infrastructure is not collapsing from this story. But those who continue to use Russian sites and applications should be more cautious.

If a Russian bank or service site stops opening, there is no need to immediately look for a “bypass” in messengers. Do not install certificates sent in a chat. Do not disable browser protection. Do not follow links from random messages.

It is better to check information through the official site of the service, official application, support service, or another reliable channel. If a resource offers to install a root certificate, it is worth thinking separately about which device this is done on and what other services are used on the same device.

Those who use both Russian services and Israeli banks, medical applications, work email, government sites, and payment systems on one phone should be especially careful.

Main conclusion

The revocation of GlobalSign certificates is not just a technical failure and not another internal Russian problem. It is a story about the loss of trust.

Russian sites may continue to work physically, their servers may be on, domains may open, but if international browsers no longer trust their certificates, users around the world, including Israel, face a new level of Russia’s digital isolation.

For Israelis, this news is important not because of a threat to local sites, but because of personal digital security. If a person in Israel continues to use Russian services, they need to understand: the main danger may not be that the site temporarily did not open, but what “instructions for restoring access” they will be offered after that.

In the modern internet, trust is infrastructure. And when a country loses access to the global trust infrastructure, the consequences are felt not only by companies and site administrators but also by ordinary users, their phones, banking applications, documents, and personal data.