Quick non technical question about Heartbleed Bug

7 pointsjsanroman11y ago3 comments

Do we have to pay to reissue our SSL certificates? If we do then this is the best thing that happened to the SSL certificate vendors and they have all the incentive to be vulnerable

3 comments

patio1111y ago

No, you should not have to pay to get an SSL certificate rekeyed. Some providers may ask for money if you want to revoke the cert, if -- for example -- you believe your private keys may have been compromised and you want people's browsers to go nuts if they see that cert in the future, at (for example) a site attempting to MITM you.

jsanromanOP11y ago

Thanks!

rdl11y ago

This depends on which CA you're using. Some do not have a way to reissue/rekey at arbitrary times (StartCom, in particular), and charge for revocation. Most allow free reissue, and often don't charge for revocation and replacement issue.

1 more reply

j / k navigate · click thread line to collapse