Update: April 10
We are now reissuing all SSL certificates together with our two CA providers – Comodo and GlobalSign, in order to eliminate any risk of private key leakage. Most of our certificates have already been reissued and the whole process is expected to complete within the next 24 hours. The reissuing process is conducted behind the scenes and requires no further action from our clients.
Extensive testing we conducted failed to demonstrate the possibility of private key compromise, except under the most contrived scenarios. However, we concluded that the risk does exist for any certificate deployed on OpenSSL over the past two years, given the fact that the vulnerability has been around since March 2012.
We have further approached our customers using custom SSL certificates about re-issuing their certificates. We believe it is advisable for all other OpenSSL users to do so as well.Read more »