Most internet users are probably already aware that a new security vulnerability discovered yesterday, the “Heartbleed Bug”, has widespread security implications across all secure internet sites. Amazon Web Services, the datacenter on which policyIQ applications are hosted, has already patched all necessary servers to eliminate this vulnerability. While there is absolutely no indication that any policyIQ secured sites have been impacted, our technicians have taken the additional proactive step of replacing all SSL certificates associated with policyIQ applications.
SSL certificates have an associated date and time from which they are valid, which is not standardized across all time zones. In a typical situation, certificates would be replaced and run in tandem with the older certificates until all time zones are fully “caught up” with the certificate. However, we have decided that in light of the significance of this issue, we are making a clean break with our new certificates replacing the old.
Users in Central, Mountain, Western and the Hawaii-Aleutian time zones may see an SSL security certificate error for several hours this morning. Please be assured that the certificates are valid, but your computer’s time clock may not yet match the certificate’s valid start date and time. (Users in time zones ahead of the US Eastern Time zone will have no such errors.)
We apologize for the inconvenience, but do believe that this security update warrants immediate action. Again, we do want to stress that there is no indication or reason to believe that any policyIQ certificates have been compromised. This is a proactive response to further harden our environment from any security vulnerabilities. Please contact us if you have any questions.