WHMCS SSL certificate on Blog?

[Blueberry3.14]

http://blog.whmcs.com/?t=88022

 

"We recommend that you take precautionary action and regenerate all SSH keys as well as reissue all SSL certificates in use."

 

 

...yeah. How about WHMCS doing the same? I would have expected your SSL certs be reissued 5-6 days ago.

 

[merlinpa1969]

You are aware that by just re-keying your ssl cert that the date doesnt change. All of ours have been re-keyed and the dates have not changed.

[Damo]

All out GeoTrust EV certificates show the new date (of a few days ago), not the original dates.

 

By 'rekeying' are you referring to generating a new CSR and having the CA reissue the cert for you to install? If not, then you've not updated the certificate.

[merlinpa1969]

lol New private key, new CSR based on the new Key and re-issued. so yea, we have indeed updated the certificate correct

[WHMCS Nate]

Hello,

 

As part of our response to the threat of the Heartbleed bug, we did an audit of all our external facing systems in which we found that none of our servers were using versions of OpenSSL that were vulnerable to the Heartbleed attack. Because our systems were not vulnerable, and in consultation with our System Administrators, we concluded that there was no immediate threat to SSL communications or the SSL private key associated with our servers, and thus no immediate need to re-key our SSL certificates.

 

Our blog post included only general recommendations. Our goal was to raise awareness about best practices in handling this across the industry; to highlight steps that would do the most good and least harm.

 

If you are uncertain if you were affected, we still encourage you to upgrade your servers, rotate your certificates, and change all your passwords.

 

Nate C