All reasonable certificate authorities will — at no cost — revoke your existing ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		rwg on April 7, 2014 \| parent \| context \| favorite \| on: OpenSSL Security Advisory: TLS heartbeat read over... All reasonable certificate authorities will — at no cost — revoke your existing certificate and issue you a new certificate with the same expiration date as your old certificate. You'd just need to send the CA a new certificate signing request created from a newly-generated RSA key pair. If your CA wants you to buy a new certificate to recover from a key compromise, your CA is taking you for a ride, and you should find a less horrible CA to throw your money at.

0x0 on April 7, 2014 [–]

I think startssl requires $$$$ to revoke and/or reissue those "free" certs before they expire :-/

StefanWallin on April 8, 2014 | [–]

Is there another good CA that doesn't charge $$$ for both issuing and revocations?

0x0 on April 8, 2014 | | [–]

I just got a revocation request accepted with no charge there.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact