GlobalSign releases security incident report.

Published: 2011-12-14
Last Updated: 2011-12-14 17:39:34 UTC
by donald smith (Version: 1)
3 comment(s)

GlobalSign issued a press release today to address concerns that its CA infrastructure may have been compromised.
They did a good job of stating what they found and what they didn’t. They also describe new measures put in place to improve their overall security posture.
“We didn't find any evidence of
*  Rogue Certificates issued.
*  Customer data exposed.
*  Compromised GlobalSign Root Certificate keys and associated Hardware Security Modules (HSM).
*  Compromised GlobalSign Certificate Authority (CA) infrastructure.
*  Compromised GlobalSign Issuing Authorities and associated HSMs.
*  Compromised GlobalSign Registration Authority (RA) services.

What did happen
*  Peripheral web server, not part of the Certificate issuance infrastructure, hosting a public facing web property was breached.
*  What could have been exposed? Publicly available HTML pages, publicly available PDFs, the SSL Certificate and key issued to
*  SSL Certificate and key for were deemed compromised and revoked.”

3 comment(s)


They have not revoked the SSL cert for

Common Name =
Subject Alternative Names =,
Issuer = GlobalSign Extended Validation CA - G2
Serial Number = 11212B0523FA14B061F78F3401895810A59F
SHA1 Thumbprint = 9E6858DFE3D0C070896A0F0ED014D98D48DFDB04
Key Length = 2048 bit
Signature algorithm = SHA1 + RSA (good)
Secure Renegotiation: Supported
The certificate expires August 15, 2013 (609 days from today)
Valid from 15/Aug/2011 to 15/Aug/2013
Issuer GlobalSign Extended Validation CA - G2
Subject GlobalSign Extended Validation CA - G2
Valid from 13/Apr/2011 to 13/Apr/2022
Issuer GlobalSign

You can also see the same results at

Common names
Alternative names
Prefix handling Both (with and without WWW)
Valid from Mon Aug 15 10:31:29 UTC 2011
Valid until Thu Aug 15 10:31:29 UTC 2013 (expires in 1 year and 8 months)

If it was revoked then the month should be December and not August.
I also checked their domain and that cert was issued just days ago -- maybe they meant the domain instead of the .com one?

Common names
Alternative names
Prefix handling Both (with and without WWW)
Valid from Fri Dec 09 12:30:30 UTC 2011
Valid until Mon Dec 09 12:30:30 UTC 2013 (expires in 1 year and 11 months)
