On September 5th, 2011 the individual/group previously confirmed to have hacked several Comodo resellers claimed responsibility for the recent DigiNotar and StartCom hacks. In his message posted on Pastebin, he referred to also having access to four other high-profile Certificate Authorities, and named GlobalSign as the fourth.
GlobalSign takes this claim very seriously and is currently investigating. As a responsible CA, we have decided to temporarily halt issuance of certificates until Monday, September 12th. We deem this to be an industry-wide threat due to the mention of multiple CAs. We are adopting a high-threat approach to bringing services back online and we are working with a number of organizations to audit the process of reactivating issuance. We apologize for the delay and inconvenience this may cause.
We would like to take this opportunity to explain that the GlobalSign CA root was created offline, and has always been offline. Any claim by the Comodo hacker to hold a private key does not refer to the GlobalSign offline root CA. By "offline" we mean that the Root CA certificate is not connected to any network of any type. Root key material is physically (geographically) separate from any networked systems and is only ever exercised in controlled and physically sealed offline ceremonies.
As we continue to investigate we will be posting frequent updates on our security advisory page; please visit http://www.globalsign.com/company/press/090611-security-response.html for the most up-to-date information.
We thank our customers, and the industry as a whole, for supporting the difficult decision to halt issuance while these steps are taken.
Saturday, September 10, 2011