Meesterlijk
Verified User
*****************************************************************************
Linux Operating System Security Flaws May Have Compromised Your Certificates.
Replace Them Now at No Charge.
*****************************************************************************
We are writing to inform you of a recently exposed security flaw with certain versions of
Linux so you may take immediate action and protect your site and your customers
against any vulnerability. If you or your customers are not using Debian or one of its
derivatives there is nothing you need to do.
WHO IS IMPACTED AND WHY?
For customers who used a Debian OS (or its derivatives) to generate a key pair used to
request a certificate, that key pair (and the corresponding certificate) is vulnerable. This is
due to a flaw in the Debian-specific random number generation that results in relatively
predictable key pair values, making them highly exploitable.
RapidSSL's trusted root CAs and intermediate CAs were not impacted by this
incident.
WHAT CAN YOU DO?
If you or your customers are running Debian operating systems and derivatives (such as
Ubuntu) released between September 17, 2006 and May 12, 2008 you should deploy a
recently released Debian patch and revoke and replace all SSL and Code Signing
certificates for which keys were created on these operating systems. Debian has
released a testing tool to confirm whether your certificates are affected. This tool and
other useful information can be found here:
http://lists.debian.org/debian-security-announce/2008/msg00152.html
To ensure your customers’ security, please notify them of this issue and the actions they
should take to protect their site.
To initiate the replacement process, please go to:
https://products.geotrust.com/geocenter/reissuance/reissue.do
RapidSSL is waiving the standard revoke and replace fee until June 30, 2008.
FOR MORE INFORMATION.
For additional information, please visit the RapidSSL Support site at:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AD91&actp=LIST.
Sincerely,
Chris Babel
Senior Vice President, SSL
RapidSSL