[TYPO3-typo3org] SSL certificate expiring in two weeks
s.grossberndt at sidebysite.de
Fri Apr 11 15:16:36 CEST 2014
Am 11.04.2014 13:46, schrieb Steffen Gebert:
> as we are running Debian Wheezy on several servers, yes, we were
> vulnerable to the Heartbleed attack.
> There was the plan to publish a statement about how we were affect, I
> admit that I don't know the current status, as I haven't had so much
> spare time the last days.
I can imagine.
> The new certificate was installed about at the same time as the
> updates were installed. However, we found a component (our Chef
> server) that was still running a vulnerable version, as it brings its
> own openssl library.
Bad timing. :-(
> Therefore our team generated a new key this morning, the CSR was afaik
> already sent and we will rollover to another new cert during during
> the next couple of hours (and then revoke the old certificate).
Ok. So I guess a statement to change passwords will come up after that.
It doesn't make sense to do that before having installed the new cert.
Thank you very much for the detailed information.
More information about the TYPO3-team-typo3org