I received this mail below, and call me paranoid, but I think
this may be a ploy by Thawte to generate additional business.
The certificate in question runs out soon, and I have been
constantly harassed by them into applying for a new one for
the past 3 months. I mean, harassed, I even had my CIO
receiving 1 or 2 emails per day warning him too.
Does anyone else have any similar experiences?
Thanks in advance
Regards
James McGee CISSP
Information Security Consultant
Zurich International Solutions
E-Mail: [EMAIL PROTECTED]
Tel:+44 1624 691025
Mob:+44 7624 433356
Fax:+44 1624 691580
----- Forwarded by James McGee/ZFSIL/IsleOfMan/Zurich on
17/07/2003 12:52 -----
"Bo Wilson" <[EMAIL PROTECTED]>
17/07/2003 12:17
To
<[EMAIL PROTECTED]>
cc
Subject
Please read this important information about your Thawte
certificate
Dear Customer,
Thawte's digital certificate issuance system assigns a serial
number to each Thawte certificate that is issued. Recently,
we discovered it was possible for the system to assign the
same serial number to more than one Thawte certificate.
Because we take all such matters very seriously, we
immediately resolved the problem, and do not expect it to be
an issue going forward.
However, we have learned that you are among the customers
whose Thawte certificates contain a serial number associated
with another certificate. It is important to note that your
certificate's security functionality has not been compromised
in any way. It still fully authenticates your specified
entity and provides complete encryption. Similarly, the
certificate validity status shown on the certificate itself
(which can be accessed by double-clicking on the lock icon),
as well as on the Thawte Site Seal, is absolutely correct and
also unaffected.
There is a minor related issue that may require some action
on your part. Essentially, it is possible for your
certificate to be incorrectly listed as "revoked" on Thawte's
Certificate Revocation List (CRL). While this does not
affect the secure operation of your certificate, it
nonetheless needs to be corrected so that your customers
always know your certificate is valid and in good standing in
every possible scenario.
Your customers are not likely to see any impact from the
above mentioned CRL scenario, since current browser versions
do not automatically validate the CRL by default. However,
we strongly recommend you obtain a reissued certificate to
completely eliminate any possibility now and for the future,
where automatic validation may occur by default in future
browser versions.
As your certificate will be expiring within the next 2
months, you may find it more convenient to renew early,
instead of getting a reissued certificate when you will have
to renew again in two months time. This renewed certificate
will have a new, unique serial number. Please go to
www.thawte.com/renew.html to renew now and any additional
time still available on your old certificate will be added to
your renewed certificate.
If you would like to know the status of your Thawte
certificate, please go to
https://www.thawte.com/cgi/server/checkDuplicateSerials.exe
with your certificate order number and follow the
instructions.
If you would like more information, please go to
http://www.thawte.com/serial_faq.html
to view our Frequently Asked Questions or you can contact us
via:
* email at [EMAIL PROTECTED]
* log a ticket on
https://www.thawte.com/cgi/support/contents.exe
* chat - click on the link at
http://www.thawte.com/html/SUPPORT/popups/contactsSUPPORT.html
For additional questions or concerns, you can contact us via
email at [EMAIL PROTECTED]
We sincerely apologize for any inconvenience this may have
caused you. You can be assured that Thawte is dedicated to
providing premium online digital certificates and we truly
value your continued patronage.
Yours sincerely,
Bo Wilson
Managing Director, Thawte Consulting (Pty) Ltd
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
