We have spoken to our technical support teams from all of our SSL vendors in regards to this issue and if your server runs the version of OpenSSL that is being affected by this bug (OpenSSL 1.0.1 through 1.0.1f), there are potential vulnerabilities. The first step is to have your servers patched with the new version of OpenSSL (1.0.1g) released on April 7th, 2014. As a precaution, we suggest that you re-issue the SSL. Re-issuing the SSL will have the server administrators generate a new private key on their client’s servers. Please note that re-issuing a certificate will deactivate the old one. However, if you would like your certificate’s serial number added to the CRL (Certificate Revocation List), you can contact the vendor and have the old certificate manually revoked.
Below you will find a list of URLs to the portals that will allow you to re-issue your clients’ certificates:
How to use the portals
- Enter the domain or supplier id and the contact email address on the order;
- The vendor will then send an email to the contact email address where your clients will see a link that will allow them to paste the new CSR;
- Once the information is submitted to the vendor, they will re-issue the certificate. Please note that this make take longer than usual due to this OpenSSL bug.
Comodo and Trustwave
Please send an email to firstname.lastname@example.org with the new CSR and the domain or supplier id to be reissued.
If you have any additional questions, please contact OpenSRS Support at email@example.com