I received this mail below, and call me paranoid, but I think this may be a ploy by Thawte to generate additional business.
The certificate in question runs out soon, and I have been constantly harassed by them into applying for a new one for the past 3 months. I mean, harassed, I even had my CIO receiving 1 or 2 emails per day warning him too. Does anyone else have any similar experiences? Thanks in advance Regards James McGee CISSP Information Security Consultant Zurich International Solutions E-Mail: [EMAIL PROTECTED] Tel:+44 1624 691025 Mob:+44 7624 433356 Fax:+44 1624 691580 ----- Forwarded by James McGee/ZFSIL/IsleOfMan/Zurich on 17/07/2003 12:52 ----- "Bo Wilson" <[EMAIL PROTECTED]> 17/07/2003 12:17 To <[EMAIL PROTECTED]> cc Subject Please read this important information about your Thawte certificate Dear Customer, Thawte's digital certificate issuance system assigns a serial number to each Thawte certificate that is issued. Recently, we discovered it was possible for the system to assign the same serial number to more than one Thawte certificate. Because we take all such matters very seriously, we immediately resolved the problem, and do not expect it to be an issue going forward. However, we have learned that you are among the customers whose Thawte certificates contain a serial number associated with another certificate. It is important to note that your certificate's security functionality has not been compromised in any way. It still fully authenticates your specified entity and provides complete encryption. Similarly, the certificate validity status shown on the certificate itself (which can be accessed by double-clicking on the lock icon), as well as on the Thawte Site Seal, is absolutely correct and also unaffected. There is a minor related issue that may require some action on your part. Essentially, it is possible for your certificate to be incorrectly listed as "revoked" on Thawte's Certificate Revocation List (CRL). While this does not affect the secure operation of your certificate, it nonetheless needs to be corrected so that your customers always know your certificate is valid and in good standing in every possible scenario. Your customers are not likely to see any impact from the above mentioned CRL scenario, since current browser versions do not automatically validate the CRL by default. However, we strongly recommend you obtain a reissued certificate to completely eliminate any possibility now and for the future, where automatic validation may occur by default in future browser versions. As your certificate will be expiring within the next 2 months, you may find it more convenient to renew early, instead of getting a reissued certificate when you will have to renew again in two months time. This renewed certificate will have a new, unique serial number. Please go to www.thawte.com/renew.html to renew now and any additional time still available on your old certificate will be added to your renewed certificate. If you would like to know the status of your Thawte certificate, please go to https://www.thawte.com/cgi/server/checkDuplicateSerials.exe with your certificate order number and follow the instructions. If you would like more information, please go to http://www.thawte.com/serial_faq.html to view our Frequently Asked Questions or you can contact us via: * email at [EMAIL PROTECTED] * log a ticket on https://www.thawte.com/cgi/support/contents.exe * chat - click on the link at http://www.thawte.com/html/SUPPORT/popups/contactsSUPPORT.html For additional questions or concerns, you can contact us via email at [EMAIL PROTECTED] We sincerely apologize for any inconvenience this may have caused you. You can be assured that Thawte is dedicated to providing premium online digital certificates and we truly value your continued patronage. Yours sincerely, Bo Wilson Managing Director, Thawte Consulting (Pty) Ltd --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------