Free Republic

To: no-to-illegals

OpenSSL is open source. You can download and go through the tomes of code. Nothing about it is secret.

Changing passwords is futile unless and until the website has patched their OpenSSL servers.

Here’s what most companies, mine included, are doing right now:

1. All certification authorities (CAs) have had their private keys revoked, all certificates issued by the CAs have been revoked, the servers are patched, rebooted, and the private key is reissued.

2. All servers with certificates signed by the CA are deleted from the server certificate store. New certificate signing requests (CSRs) are generated and issued to the CA. The CA signs the new certificate, and the servers are placed back in production.

3. Any servers with self-signed certificates are patched and rebooted. The private keys are deleted and regenerated. Certificates are generated with those keys, and the servers are put back into production.

It seems like a minor thing, but if you don’t have the proper infrastructure in place, it could take up to 20 minutes per server. My company alone has over 3,000 servers in production.


12 posted on 04/11/2014 9:25:01 AM PDT by rarestia (It's time to water the Tree of Liberty.)
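The key rotation in steps 2 and 3 of the post above, as an added example that is not part of the original post: it uses the `openssl` CLI to generate a replacement key, certificate and CSR, then checks that the replacement does not reuse the old key pair. The host name, file names and function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the post. Host and file names are constructed.
umask 077   # private keys must not be group/world readable

# Read a public key on stdin, print a SHA-256 of its normalised PEM form.
# Fails (no output) if the input did not contain a usable public key.
fp() {
    pem=$(openssl pkey -pubin 2>/dev/null) && [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}
cert_pubkey_fp() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null | fp; }
csr_pubkey_fp()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null | fp; }
key_pubkey_fp()  { openssl pkey -in "$1" -pubout 2>/dev/null | fp; }

# Step 3 of the post: fresh key and fresh self-signed certificate.
new_self_signed() {  # $1=key out  $2=cert out  $3=CN
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -days 365 -subj "/CN=$3" 2>/dev/null
}

# Step 2 of the post: fresh key and a CSR to submit to the CA.
new_key_and_csr() {  # $1=key out  $2=csr out  $3=CN
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -subj "/CN=$3" 2>/dev/null
}

# True only if the certificate was issued for this private key.
cert_matches_key() {
    a=$(cert_pubkey_fp "$1") && b=$(key_pubkey_fp "$2") && [ "$a" = "$b" ]
}

# True only if the two certificates carry different public keys, i.e. the
# replacement was not simply re-signed over the old key.
key_was_rotated() {
    a=$(cert_pubkey_fp "$1") && b=$(cert_pubkey_fp "$2") && [ "$a" != "$b" ]
}

rotation_demo() {
    d=$(mktemp -d) || return 1
    new_self_signed "$d/old.key" "$d/old.crt" "host.example.test"  # pre-patch pair
    new_self_signed "$d/new.key" "$d/new.crt" "host.example.test"  # replacement
    cert_matches_key "$d/new.crt" "$d/new.key" &&
        key_was_rotated "$d/old.crt" "$d/new.crt"
    rc=$?; rm -rf "$d"; return $rc
}

rotation_demo && echo "rotated: replacement certificate uses a fresh key"
```

Running `key_was_rotated` against the certificate a server presented before patching and the one it presents afterwards catches hosts that were re-issued a certificate over the old key.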


To: rarestia; Defiant; topher

Thanking Each of You for your responses.


18 posted on 04/11/2014 9:39:55 AM PDT by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson