ProductsCart
Name.com Blog
April 10, 2014

Some Heartbleed Bug advice for Name.com customers (and pretty much everyone with SSL)


In the past few days security researchers discovered a serious vulnerability in OpenSSL Certificates that has existed for more than two years. It’s called the Heartbleed Bug, and you can read more about it here. The basic problem is that personal information, like passwords and credit card information, could have been compromised on sites that were using OpenSSL.
The Name.com website was not vulnerable to the bug and Name.com has been rolling out the latest security patches on all systems to ensure that we remain unaffected. But this is a pretty serious bug, and if you’ve been using an SSL Certificate with Name.com (or any online company), we strongly recommend that you follow these two steps to update and secure your SSL:

Step 1: Generate a new Key / CSR (certificate signing request) from within your name.com hosting account

Step 2: Re-issue an SSL certificate on your domain name. For more detailed instructions you can reference this tutorial.

Also—and this is very important—if you have users that log in to your site, we suggest that you notify them to reset their passwords. 

Please don’t hesitate to reach out to us if you have any further questions. Our legendary customer support team is here and ready to take your call or email.

Also know that:

  • If you purchased the SSL Certificate through us, we will do the re-issue regardless of whether it’s hosted at Name.com.
  • A re-issue allows you to create an entirely new certificate after generating a new private key and CSR.

You can do this! For a more detailed tutorial, Sky Diegel in our customer support created these steps:

1. Visit this link.

2. After watching the video, click the link at ‘Step 2’.

3. On the next page, enter the fully qualified domain name. This is the sub-domain that the original certificate was issued on (i.e. www.domain.com, login.domain.com, secure.domain.com, *.domain.com etc.).

4. Enter the email address you used when you signed up for the certificate, or the whois technical contact email address.

5. Enter the ‘Image Number’ (Captcha) and click ‘Continue’.

6. On the next page you will need to verify the expiration date of the certificate if more than one comes up.

7. Once you have verified, click ‘Request Access’ and the re-issue will be sent to the supplied email address.

8. This email is used to create the new CRT file (the actual certificate) using the new CSR.

9. Once the CRT is installed on the hosting server, the installation of a new certificate is complete.

**Note that a re-issue does not modify the expiration date of your original certificate**

Reissuing your SSL Certificate is something that can be done from the convenience of  your own computer, but if you run into any issues or have questions, we are here to help.

Share this article!