Results 1 to 2 of 2

Thread: Openssl upgrading and certificates

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    417

    Openssl upgrading and certificates

    Hi,

    I was wondering about upgrading openssl and certificates made using the older versions of openssl. If I make a certificate with one version then then some vulnerabliility comes out. If I upgrade to the new version of Openssl then the certificate made with the old version still has the vulnerabilities of the older version. So would I have to recreate the certificate? Doesn't that change the actuall signature of the certificate and cause problems.

    Thanx

  2. #2

    Re:Openssl upgrading and certificates

    Did you sign your certs yourself or are they signed by a root CA like Verisign? If you signed them yourself, I would just recreate them. If you went with someone like Verisign, then I think you can have them reissued for about $100. Of course, you'll have to go through the whole bit about sending them a new CSR, having your old certs put on a revocation list, and all that jazz. I'm imagining all of which is not too hard.

    However, I don't think that upgrading SSL will effect your certs unless you somehow delete your public/private key pairs in the process. Also, I'm not so sure that OpenSSL vunerablities effect the cert it generated so much as the SSL service itself. Most of what I have seen posted at CERT.org concerning OpenSSL are buffer overflows. None of the fixes mention resigning your certificate. I would only recreate certs if you were interested in using a higher cipher strength or a different encoding scheme.

Similar Threads

  1. OpenSSL
    By honey bee in forum Linux - Hardware, Networking & Security
    Replies: 1
    Last Post: 01-15-2007, 07:30 PM
  2. SSl certificates!
    By honey bee in forum Linux - Hardware, Networking & Security
    Replies: 7
    Last Post: 11-02-2006, 11:58 AM
  3. Website certificates
    By elovkoff in forum Linux - Software, Applications & Programming
    Replies: 8
    Last Post: 07-27-2004, 04:42 AM
  4. Digital Certificates, free
    By Fatal Error in forum Linux - Software, Applications & Programming
    Replies: 9
    Last Post: 07-21-2004, 03:38 AM
  5. ssh and new openssl installation
    By Blaqb0x in forum Linux - Hardware, Networking & Security
    Replies: 3
    Last Post: 07-29-2002, 06:12 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •