Comment: Miscellaneous edits; added two lines after the three steps.

...

Warning: The Heartbleed Bug

A serious vulnerability has affected many servers on the Internet. The Heartbleed Bug, announced publicly on April 7, 2014, undercuts the security of certain versions of OpenSSL in circulation since 2012.

...

The above server was patched, its TLS certificate was revoked, and a new TLS key and certificate were installed. The content on that server has been reviewed and found to be unimpaired. These steps restored the integrity of the HTML resource (i.e., the fingerprints of the metadata signing certificate).

...

If your SAML deployment relies on an affected version of OpenSSL, you should take the following actions to mitigate that vulnerability:

  1. Patch the affected version of OpenSSL
    1. Follow the OS vendor's instructions to upgrade OpenSSL to the latest version
  2. Revoke your browser-facing TLS certificate
    1. Configure the system with a new trusted TLS key and certificate
  3. Revoke your SAML certificate in metadata
    1. Migrate a new certificate into metadata

Consult your local security team for further recommendations for action you may want to undertake, potentially including a review of the integrity of your system, including all critical configuration files and other security-sensitive settings. You may also want to consider a forced password change for any local accounts as an additional precautionary measure.
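As an added check that is not part of the original page: once step 3 is complete, the revoked certificate should no longer appear anywhere in the federation metadata. This Python script (standard library only) computes the SHA-256 fingerprint of every certificate embedded in a SAML metadata aggregate and reports the entities whose descriptors still carry a revoked one; the entityIDs, the metadata sample and the "certificate" bytes are constructed placeholders, not real DER.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def cert_fingerprint(b64_cert):
    # SHA-256 fingerprint, uppercase and colon-separated as `openssl x509 -fingerprint -sha256`
    # prints it; metadata often line-wraps the base64, so strip all whitespace first.
    der = base64.b64decode("".join(b64_cert.split()))
    hex_digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2))

def audit_metadata(metadata_xml, revoked_fingerprints):
    # Every certificate in the aggregate as (entityID, role, use, fingerprint, revoked).
    # An entity with a revoked cert has not finished step 3 (re-keying in metadata).
    revoked = {fp.upper() for fp in revoked_fingerprints}
    findings = []
    for ed in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        for role in ed:  # IDPSSODescriptor, SPSSODescriptor, AttributeAuthorityDescriptor, ...
            if not (role.tag.startswith("{%s}" % NS["md"]) and role.tag.endswith("Descriptor")):
                continue
            for kd in role.findall("md:KeyDescriptor", NS):
                use = kd.get("use", "signing+encryption")  # no 'use' attribute means both
                for cert in kd.findall(".//ds:X509Certificate", NS):
                    fp = cert_fingerprint(cert.text or "")
                    findings.append((ed.get("entityID"), role.tag.split("}")[1], use, fp, fp in revoked))
    return findings

def entities_still_using_revoked(metadata_xml, revoked_fingerprints):
    # entityIDs whose metadata still carries a revoked certificate
    return sorted({f[0] for f in audit_metadata(metadata_xml, revoked_fingerprints) if f[4]})

# Constructed sample: placeholder bytes stand in for DER certificates so the logic runs offline;
# in practice feed the real metadata aggregate and the fingerprint of the revoked certificate.
OLD_CERT_B64 = base64.b64encode(b"constructed-old-signing-cert").decode()
NEW_CERT_B64 = base64.b64encode(b"constructed-new-signing-cert").decode()
REVOKED = [cert_fingerprint(OLD_CERT_B64)]

def _kd(cert_b64, use=None):  # build one sample <md:KeyDescriptor> for the constructed metadata
    attr = f' use="{use}"' if use else ""
    return (f"<md:KeyDescriptor{attr}><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}"
            "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")

SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}">
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor>{_kd(OLD_CERT_B64, 'signing')}{_kd(NEW_CERT_B64, 'signing')}</md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor>{_kd(NEW_CERT_B64)}</md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""
```

Run `entities_still_using_revoked(metadata, [fingerprint])` against each published aggregate until the list is empty; an entity that keeps both the old and the new signing certificate in its descriptor is still accepting signatures from the compromised key.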

When all but the final step (step 3 above) have been completed, follow these additional steps to migrate a new certificate into metadata:

...