Are new SSL Certificates after patching Heartbleed?


We've upgraded our servers and regenerated any cpanel / dovecot / ssh keys. Do our customers also need to regenerate a CSR and SSL certificates?

I've not seen any information on this aspect of things.

Thanks


Best answer:

According to this thread on Unix/Linux SE,

How do I fix the vulnerability?
...
Generate new keys. This is necessary because the bug might have allowed an attacker to obtain the old private key. Follow the same procedure you used initially.

And this answer on Security SE:

It means much more than just new certificates (or rather, new key pairs) for every affected server.
...
Summarized from heartbleed.com (emphasis mine):
...
What is leaked primary key material and how to recover?

These are the crown jewels, the encryption keys themselves.

And this thread on Serverfault SE:

As noted on the Heartbleed site, appropriate response steps are broadly:

  1. Patch vulnerable systems.
  2. Regenerate new private keys.
  3. Submit new CSR to your CA.
  4. Obtain and install new signed certificate.
  5. Revoke old certificates.

So yes, I strongly suggest you change any and all keys/certificates. I also recommend reading those threads in their entirety as well as some of the threads they reference. There's quite a bit of information on the bug spread across Security and Serverfault SEs.
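As an added example (not from the answer or the threads it quotes): a shell script that carries out steps 2 and 3 above with the openssl CLI and then checks that the new CSR really belongs to a fresh key, since reissuing a certificate on the same, possibly leaked, key gives no protection. It assumes openssl is installed; all file names and the CN are placeholders.

```shell
#!/bin/sh
# Added example: rotate a key pair after Heartbleed and verify that the
# rotation really happened. Assumes the openssl CLI is installed.
# File names and the CN are illustrative placeholders.
set -eu

# Step 2 and 3: generate a fresh 2048-bit RSA key and a CSR for it.
# $1 = new key path, $2 = CSR path, $3 = subject CN.
make_new_key_and_csr() {
    key="$1"; csr="$2"; cn="$3"
    # umask 077 so the private key is never world-readable, even briefly
    (umask 077; openssl genpkey -algorithm RSA \
        -pkeyopt rsa_keygen_bits:2048 -out "$key" 2>/dev/null)
    openssl req -new -key "$key" -subj "/CN=$cn" -out "$csr" 2>/dev/null
}

# Return 0 if the public key in the old certificate differs from the public
# key of the new private key (the key was really rotated), 1 if they match
# (the old, possibly leaked key is still in use).
key_was_rotated() {
    old_cert="$1"; new_key="$2"
    old_pub=$(openssl x509 -in "$old_cert" -noout -pubkey | openssl sha256)
    new_pub=$(openssl pkey -in "$new_key" -pubout 2>/dev/null | openssl sha256)
    [ "$old_pub" != "$new_pub" ]
}

# Demonstration on constructed data: a self-signed "old" certificate stands
# in for the certificate that was served by the vulnerable host.
demo() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/old.key" \
        -subj "/CN=example.invalid" -days 1 -out "$dir/old.crt" 2>/dev/null
    make_new_key_and_csr "$dir/new.key" "$dir/new.csr" example.invalid
    if key_was_rotated "$dir/old.crt" "$dir/new.key"; then
        echo "rotated: CSR $dir/new.csr is for a fresh key; submit it to the CA"
    else
        echo "NOT rotated: CSR still uses the old key"
    fi
    # Reusing the old key with a new CSR must be flagged as not rotated.
    key_was_rotated "$dir/old.crt" "$dir/old.key" \
        && echo "bug: reuse not detected" || echo "reuse of old key detected"
    rm -rf "$dir"
}

demo
```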


With Heartbleed it is possible to retrieve the private keys.

So, if you have been vulnerable, yes, it is strongly recommended that your customers change their private keys.