Security Bytes

May 19 2008   2:29PM GMT

VeriSign offering free re-issues of SSL certificates

David Schneier David Schneier Profile: David Schneier

In response to the mess created by the OpenSSL vulnerability in Debian-based Linux distributions, the folks at VeriSign are offering to re-issue SSL certificates to any of its customers who believe their certificates may have been compromised. VeriSign officials say that none of the certificates issued by its brands, including GeoTrust, thawte, RapidSSL and VeriSign, is affected directly by the flaw, but customers who use one of the affected Linux distributions could have used that OS to generate key pairs for one of the certificates, which would in turn make the certificate vulnerable.

The implications of the OpenSSL flaw are far-reaching and security experts say that it’s difficult to know how many users are affected and whether there have been any widespread attacks exploiting the problem. But there have been some reports of isolated attacks, so it’s wise to update your certs and encryption keys as soon as you can.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: