Entrust OpenSSL Disclosure


With news of the Heartbleed bug, we have been receiving questions as to how this impacts the certification authority (CA) service at Entrust. In summary, Entrust SSL customers do not need to be concerned about the management of their certificates or their certificate management accounts.

The CA private keys are protected on a NIST FIPS 140-2 Level 3 hardware security module (HSM). The CA private keys never leave this hardware and are not exposed to any server using OpenSSL.

The certificate management service also uses implementations of OpenSSL that are not vulnerable to the Heartbleed bug. As such, users do not have to change their passwords and should not be concerned that their private information has been exposed.

Users of products that use OpenSSL — specifically versions 1.0.1 through 1.0.1f — need to upgrade their systems to use OpenSSL 1.0.1g. If you do not know if your Web server is vulnerable to Heartbleed, try the SSL server test from Qualys SSL Labs.

Please note that you may have other systems that also use OpenSSL. Once OpenSSL has been upgraded, then the server owner should consider reissuing their SSL certificate with a new server private key. Server owners should also consider advising their end-users to change their passwords.

Please note that Entrust will support our customers by providing free certificate reissues and free certificate revocations. If you’d like to speak to Entrust Certificate Services directly about OpenSSL, please call 1-866-267-9297 (toll-free within North America) or 1-613-270-2680 (outside of North America), email cloudsupport@entrust.com, or submit an online customer support form.


Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and websites in more than 5,000 organizations spanning 85 countries. Entrust's identity-based approach offers the right balance between affordability, expertise and service. With more than 125 patents granted and pending, these world-class solutions include strong authentication, physical and logical access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.

1 Comment

Add to the Conversation