Webgecko
Verified User
Hi Guys. Hopefully this will help a few of you and save you some time.
Thawte has been testing certifcates and sending out this message...
Which is fine...
So....I proceeded to patch openSSL (FreeBSD 6.2), generated a new CSR for the client and it still failed. I've been scratching be head over this for days until I've finally tried the following.
Remove the old key, generate a new CSR and it's all worked fine. Apparently when a new CSR is generated in DA, it doesn't overwrite the existing key. The new CSR I was generating still failed stating that I had a weak key.
Solution - remove the old key....genereate a new CSR...submit CSR to Thawte...replace key.
Cheers!!
Thawte has been testing certifcates and sending out this message...
Code:
VeriSign has detected a security vulnerability for the certificate(s)
listed below.
....list of certs here....
If you'd like to confirm your CSR contains a weak key due to the Debian
OpenSSL vulnerability, use our Certificate Checker
https://www.verisign.com/support/debian-csr-checker/index.html
VeriSign regards this as a critical matter that jeopardizes the security of
your Web site and erodes the integrity of the VeriSign Trust Network.
Consequently, we are taking this matter very seriously and will begin
revoking certificates that are still affected by this flaw starting
March 31, 2009.
Which is fine...
So....I proceeded to patch openSSL (FreeBSD 6.2), generated a new CSR for the client and it still failed. I've been scratching be head over this for days until I've finally tried the following.
Remove the old key, generate a new CSR and it's all worked fine. Apparently when a new CSR is generated in DA, it doesn't overwrite the existing key. The new CSR I was generating still failed stating that I had a weak key.
Solution - remove the old key....genereate a new CSR...submit CSR to Thawte...replace key.
Cheers!!