« PleskにてDrweb Update通知がBounceする | メイン | 頭に焼き付けるためのブランドイメージ作り »

2009年4月24日

MD5アルゴリズムの脆弱性によるSSLサーバ証明書関連。Verisign のRoot証明書更新は2009.05.17にリスケ >>サーバ 

MD5アルゴリズムで署名しているWebサーバ証明書に対して、「偽造」に成功した旨の発表が行われていた。
詳しくはこの辺。
http://www.itmedia.co.jp/enterprise/articles/0901/06/news030.html

RootCAの方もまだ更新がなされていなかったわけで。
Verisignからこんな連絡がきてた。

2009.05.17にVerisign傘下にあるGeoTrust と RapidSSLもSHA-1 1024bitになる・・・が、また延期にならなきゃいいけど。


************************************************************************
Important Update: VeriSign SSL, OFX and Code Signing Certificates
to move to 1024-bit, SHA-1 root on May 17, 2009.
************************************************************************

VeriSign root upgrade has been rescheduled to May 17, 2009.

This notice serves as an update to the notice you received during the
week of April 6, 2009 regarding an upgrade to VeriSign's root hierarchy.
Please note that all other procedures and details will remain the same
with the exception of the later effective date. We've amended our earlier
correspondence and attached it below for your convenience:
---------------------------------------------------------------------------
In our ongoing dedication to providing you and your customers with the
optimum balance of strong security and functionality, VeriSign will be
upgrading all VeriSign SSL and Code Signing products to a 1024-bit,
SHA-1 root on May 17th, 2009. All VeriSign certificates enrolled after this
date will chain up to this root.

thawte, GeoTrust and RapidSSL certificates will be upgrading to a 1024-bit,
SHA-1 root in the future. You will receive advanced notification before any
changes are made.

How this upgrade affects the validity of current certificates
Current digital certificates installed and in use will continue to operate
as normal, and no action is needed by you or your customers.

How this upgrade affects you and your customers
This upgrade is expected to be seamless to VeriSign customers. Certificate
installation instructions will be updated for the new Root hierarchy.

You are reminded that whenever you or your customers install a new certificate,
you must always follow the installation instructions. Even when you renew or
replace current certificates, please remember to follow the installation instructions
provided to you after issuance to ensure installation of the correct intermediate
Certificate Authority (CA) Certificate(s).

We appreciate your business.

twitterこの記事をTwitterでみんなに教える。

投稿者 debizoh : 2009年4月24日 06:19



トラックバック

現在、この記事はトラックバックを受け付けておりません。


コメント

現在、この記事はコメントを受け付けておりません。