http://securityratty.com/tag/rapidssl Sat, 17 May 2008 03:20:37 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss http://securityratty.com/article/efb481208ef9b0e30c0410f3cd14b3f4 http://securityratty.com/article/efb481208ef9b0e30c0410f3cd14b3f4 the recent severe bug in Debian's OpenSSL implementation, VeriSign is offering free reissuance of certificates. Patching the flawed software is not enough: certificates containing public keys generated by the buggy versions of OpenSSL have to be revoked and replaced with new copies generated by fixed versions of the software. For customers of trusted certificate authorities this also means having the CA resign the certificate. CAs normally charge for revoking and replacing certificates, but because a software error is involved, VeriSign is not charging for revocation and replacement of VeriSign, Thawte, GeoTrust, and RapidSSL SSL Certificates. This includes code signing certificates as well as SSL certificates.
]]> Sat, 17 May 2008 03:20:37 +0000 verisign software error software rapidssl ssl openssl implementation recent severe bug openssl ssl buggy versions Free Certificate Reissuance From VeriSign