Back
-
Solutions
Back
Digital Trust for:
Enterprise IT, PKI & Identity
Code & Software
Documents & Signing
IoT & Connected Devices
Manage PKI and Certificate risk in one place
Streamlined Certificate
Management and Automation:
Delivering At-Scale Uptime and Availability
Secure, update, monitor and control connected devices at scale
DOWNLOAD NOW - Buy
-
Insights
Back
Digital Trust for the Real World
Explore these pages to discover how DigiCert is helping organizations establish, manage and extend digital trust to solve real-world problems.
Ponemon Institute Report
See what our global post-quantum study uncovered about where the world stands in the race to prepare for quantum computing.
LEARN MORE >
-
Partners
Back
- Support
- Contact us
- Language
News
04-11-2014
Jeff Snider
Heartbleed and the Problem of NotBefore Date
It is standard practice among Certificate Authorities, when re-keying an SSL certificate, to keep everything in the cert the same except for information related to the actual keys that have been changed.
That includes the validity dates, which has become an issue in the past day or so as at least one tool to test for Heartbleed vulnerability is looking at the NotBefore field (the beginning date) of a certificate to determine if it was issued before or after the Heartbleed fix on Monday.
Why you can't rely on NotBefore Date
There are a couple major flaws with this approach to Heartbleed vulnerability scanning:
- A site could have a new certificate, but if they installed it before patching their OpenSSL installation, it is subject to the same vulnerabilities as the previous certificate.
- Very few certificates that have been re-keyed will show a new NotBefore date.
SSL Encryption is at the core of online data security. As such, DigiCert has released a free Certificate Inspector. The Certificate Inspector cloud-based certificate management platform allows administrators to review all certificates used by their servers and automatically ensure that they are not vulnerable to Heartbleed and a number of other critical security vulnerabilities. Certificate Inspector’s unique algorithm assigns grades to your certificates and their implementations, and provides an easy to follow list of remediation actions.
We have contacted the makers of the one tool we are aware of and urged them to change their methodology to be more in line with the actual practices of CAs. We urge the makers of any other similar tools to do the same. Until then, many sites that have patched the security hole will continue to return false positives.Check the security of any site online
Users can also review individual sites for Heartbleed protection by using the DigiCert Certificate Checker tool for free on by going to digicert.com/help. The DigiCert Certificate Checker allows users to check the security for any site on the Internet using an SSL Certificates from any Certificate Providers. The checker also includes Heartbleed Detection and ensures that sites are not vulnerable to weak keys or other server security vulnerabilities.
-
The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.
-
-
© 2024 DigiCert, Inc. All rights reserved.
Legal Repository Audits & Certifications Terms of Use Privacy Center Accessibility Cookie Settings