Comodo, an Identity and Trust Assurance Management solutions provider, announced that it would offer free SSL certificates to any online businesses affected by the security flaw recently detected in Debian - the LINUX distribution.
While the company stressed that the SSL certificates it issued are not vulnerable (it is the private keys generated by the users that may be vulnerable). It says that it is offering assistance to customers as well as to anyone using a competitive SSL certificate from VeriSign or others by offering a new SSL certificate free of charge.
The security flaw affects OpenSSL in Debian versions of the Linux operating system. It states that the security flaw allows brute forcing of vulnerable keys and could lead to a compromise of secure communications using the keys.
To support and assist affected merchants in their efforts to remedy the problem, It affims that it is offering free replacement certificates for any certificate that may have been compromised, even if the original certificate was provided by another company.
It avers that affected users are advised to replace their certificates in order to ensure the security of their sensitive data including passwords, financial accounts, credit card numbers, and identities.
It adds that their customers can log into their accounts and replace their certificates with a new Certificate Signing Request. Customers should update the OpenSSL package to the latest version, create a new CSR and key pair then proceed to replace the affected certificate.
"We are making this offer for a free replacement SSL certificate to any affected business, regardless of their original provider because we recognize that SSL certificates are a pivotal foundation of a trusted Internet," said Melih Abdulhayoglu, CEO and Chief Security Architect of Comodo.
"SSL certificates working properly are essential to the success of online commerce, and we are giving free certificates as an incentive to encourage immediate remedial action. Our free offer is intended to remove any barriers from businesses needing to correct these certificates."
Return to hosting news headlines
View Hosting News Archive