InCommon SSL Certificates - Heartbleed Vulnerability Remediation

SSL Advisory: Heartbleed Vulnerability

 

Main Announcement From Comodo:

 


Recommendation From Comodo Support Mailing List:


From: cert-users-request@incommon.org [cert-users-request@incommon.org] on behalf of Kevin Gilchrist [kevin.gilchrist@comodo.com]
Sent: Wednesday, April 09, 2014 10:55 AM
To: cert-users@incommon.org
Subject: RE: [cert-users] Replace or Revoke Certificate

Hi,

 

It is probably best to “Add” and then “Revoke” once the new cert has been installed.

“Replace” does not automatically revoke the old certificate.

 

Heartbleed presents the possibility that someone has gotten the private key. This can possibly be used in a man-in-the-middle attack where someone masquerades as a site with the original cert. Revoking helps mitigate this so that the cert of the fake website is no longer valid with an OCSP check.

 

CM team