

Ask HN: Does Heartbleed affect CAs? - chacham15

If my understanding is correct the Heartbleed vulnerability affects any server running OpenSSL. Does this mean that root CAs need to update their root CA Certs? Should I be doing that manually somehow?
======
mballantyne
Heartbleed affects servers terminating TLS connections using certain versions
of OpenSSL. It doesn't impact certificate operations a CA would be doing, and
CA root certificates are kept far, far away from front end web servers that
might run TLS. Usually in something like this:
[http://en.wikipedia.org/wiki/Hardware_security_module](http://en.wikipedia.org/wiki/Hardware_security_module)

~~~
chacham15
Thanks

