Am I or is GlobalTrust affected by the OpenSSL vulnerability in Debian reported May 13, 2008?
Intended Audience: Web hosts, web server administrators, technical personnel responsible for generating CSRs and installing SSL certificates on web servers.
On May 13th, 2008 the Debian project announced that Luciano Bello found an interesting vulnerability in the OpenSSL package they were distributing. Details can be found here:
http://www.debian.org/security/2008/dsa-1571
Please note that this vulnerability does not affect GlobalTrust or our PKI infrastructure in any way. The vulnerability affects the way PRIVATE keys are generated, a process which occurs on your systems.
If your CSR was
# Generated since 2006-09-17
# Generated with Etch, Lenny or Sid (Sarge is not vulnerable)
# Generated using 'openssl', 'ssh-keygen', or 'openvpn --keygen' (GnuPG and GNUTLS are not affected)
you must
# Generate a new CSR and key pair
# Replace your certificate (GlobalTrust provides a free replacement service.)
# Download and install your new certificate.
# Revoke your replaced certificate.
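The first step above, sketched as an added example (not GlobalTrust tooling): it generates a fresh key pair and CSR, then confirms that the CSR does not carry the same public key as the certificate being replaced, which is what happens when a new CSR is made from the old key file. It assumes the OpenSSL package on the host has already been updated to a fixed version; the function names, file paths, subject string and 2048-bit RSA key size are placeholders.

```sh
#!/bin/sh
# Added example. File names, the subject string and the 2048-bit RSA key
# size are assumptions; adjust them to your own certificate order.

# Print a SHA-256 fingerprint of the public key held in a certificate,
# a CSR or a private key. usage: pubkey_fp cert|csr|key FILE
pubkey_fp() {
    case "$1" in
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr)  pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An unreadable or malformed input yields no public key.
    [ -n "$pub" ] || return 2
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Generate a fresh private key (readable by the owner only) and a CSR for it.
# usage: new_key_and_csr NEW_KEY NEW_CSR SUBJECT
new_key_and_csr() {
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$1" ) 2>/dev/null || return 1
    openssl req -new -key "$1" -subj "$3" -out "$2"
}

# Pre-submission check: succeed only if the CSR carries a different public
# key than the certificate being replaced.
# Returns 1 on key reuse, 2 if either file cannot be parsed.
# usage: csr_is_rekeyed OLD_CERT NEW_CSR
csr_is_rekeyed() {
    old_fp=$(pubkey_fp cert "$1") || return 2
    new_fp=$(pubkey_fp csr "$2") || return 2
    if [ "$old_fp" = "$new_fp" ]; then
        echo "CSR reuses the key of the certificate being replaced" >&2
        return 1
    fi
    return 0
}

# Typical use (paths are placeholders):
#   new_key_and_csr new.key new.csr "/CN=www.example.test"
#   csr_is_rekeyed old.crt new.csr && echo "CSR carries a new key"
```
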
A complete list of Debian-based distributions can be found here: