Though should only regenerate when your CA has updated their side if
they use openssl anywhere in their pipeline
And you also need to revoke your current SSL certificates so they
can't be repurposed
On 9 April 2014 13:05, Gerard Creamer
That's what we did - patch then regenerate. Better safe than sorry.
On 9/04/2014 11:47 a.m., Michael Sutton wrote:
NZNOG members:
My apologies but all attempts to send the text content of this PDF this morning have been blackholed until I managed to send the contents to InternetNZ PAG as a PDF which made it through filters which been stopping this content. I have had no problem send other messages etc.
Your comments would be appreciated as I see this as a major issue which may require all certificates to be regenerated and then only used on patched systems whose memory and priv keys cannot read copied by external parties.
Sincerely Michael S Sutton Director - Awacs Communications (NZ) Limited Transit Room The Dominion Observatory 34 Salamanca Road Kelburn Wellington +64 21 305500 Twitter & Skype: Mikiwis http://www.awacs.co.nz https://www.google.co.nz/#q=michael+sutton+nokia+patent http://www.linkedin.com/profile/view?id=16587996&trk=tab_pro
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
-- Netspace Services Limited http://www.netspace.net.nz Phone +64 4 917 8098 Mobile +64 21 246 2266 Level 4, 191 Thorndon Quay, Thorndon PO Box 12-082, Thorndon, Wellington 6004, New Zealand
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog