<html><head></head><body>Most SSL certificate providers are allowing their customers to revoke & reissue certificates at no charge as long as none of the details (including verification method) change.<br>
-Adam<br>
<br><br><div class="gmail_quote">On April 10, 2014 6:04:18 PM CDT, Trevor Cordes <trevor@tecnopolis.ca> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">Most people have probably heard about this already, but if not, *patch <br />your OpenSSL now!* and restart your daemons.<br /><br />CVE-2014-0160<br /><br /><a href="http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping">http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping</a>/<br /><br />For some reason you (sometimes) have to reload that page a few times <br />before it actually loads.<br /><br />This is the worst bug I've seen in like 10 years, insofar as you may have <br />been compromised already, but you don't (can't!) know it and they may be <br />sitting there with your keys, waiting to actually make use of them at a <br />later date.<br /><br />From how I read it, the only way to be safe & sure is to make a new CSR <br />and buy a new SSL cert? Or are the cert vendors going to offer a "redo" <br />for free?<br /><hr /><br
/>Roundtable mailing list<br />Roundtable@muug.mb.ca<br /><a href="http://www.muug.mb.ca/mailman/listinfo/roundtable">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br /></pre></blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>