23,000 SSL Certificates to be Revoked Within Next 24 Hours

shafi432

Power Member
Joined
Jan 14, 2016
Messages
639
Reaction score
230
More than 23,000 SSL certificates that purchased through the reseller Trustico will be revoked today. The entire saga starts on February 2nd, 2018 when Trustico reached out to Digicert for mass revocation.

Trustico not has provided any details how the private key leaked or how did they acquire the keys,” says Jeremy Rowley from Digicert.

According to Trustico statement, they allow their customers to generate a certificate signing request and the private key at the time of ordering process. Then these generated private key will be stored cold storage for revocation purposes.

Trustico reached out to Digicert on February 2nd, 2018 requesting a mass revoke and Digicert asks Trustico to provide an evidence for the private key disclosure.

Later Trustico shares the private key along with the order numbers of the associated certificates in a zip file to DigiCert.
https://gbhackers.com/23000-ssl-certificates-revoked/
Source - https://gbhackers.com/23000-ssl-certificates-revoked/

If anyone from here is using Trustico SSL certificate, you might want to switch to another one ASAP.
 
Top