[Cryptech Core] cryptech.is TLS server certificate changed (HeartBleed)

Rob Austein sra at hactrn.net
Tue Apr 8 06:17:35 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Due to the so-called "HeartBleed" bug (see http://heartbleed.com/),
I've upgraded OpenSSL on cryptech.is to release 1.0.1g, but, due to
the nature of the bug, it was also necessary to roll the TLS server
key.  So the TLS EE certificate has changed.  

Those of you who are using my CA certificate should still be able to
validate (the bug doesn't compromise CA keys, so there was no need to
roll it), but if you were using the EE certificate directly, you may
need to update your copy.

Fingerprints for the new EE certificate (generated with
"openssl x509 -fingerprint -sha512 -noout -in cryptech.cer", etc): 

SHA1   7B:10:AC:7C:07:07:9F:CE:B2:95:9E:CD:70:FD:FC:64:CD:62:07:8B

SHA256 9E:01:77:68:0E:43:60:E3:2D:CB:3C:B6:97:BF:70:A5:C0:49:EE:07:28:9E:AF:8E:A1:E9:C1:A8:EA:C5:29:F2

SHA512 FD:7E:93:24:00:B4:7A:EE:93:CE:C1:66:8F:D6:5A:A2:42:E1:DE:20:C8:0A:52:D7:1A:BB:8E:70:91:29:45:9C:7E:C7:83:43:46:0B:83:E1:8E:72:8B:C8:6B:78:EF:AD:A0:C8:A6:AD:DC:72:1D:3B:0E:83:BA:13:49:B1:AB:7C

Those of you who like doing business with commercial CAs, do let me
know what kind of response time you see when rolling your keys. :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBU0OUf7Jw54Etxv+CAQoBewgApUFaLA+3BfdBR97yOq7Cj0cgKuucac7a
abgGMt40XJ1Q3ZKGtuVtVwGWZSEMzJDfalac08W4eEs4PVrR+6xwKKm4A7bXAtay
pxcptCpu23StYpQBS2+m7Em0sCOtEVOJe5xPtnaggB7aLtMXLocpGuJpvV9g7DWl
1uHWDI728tqw+Qz05CeIH8kDTFPNSiT9+Cs+eYFK84w7MzSHFM4c8Z0cgoAjNYg/
ijxcenzcfphJocpEmY8BGQ2lbh08lsWlPg5ccHi78OqOrK3vpzJDF49GkrSg2/8m
KLKr6xt/deI7YH10pfZVGBKrF3GQ1CHWQdtBh5+c4wiwQSdFaKCi2A==
=v8JJ
-----END PGP SIGNATURE-----



More information about the Core mailing list