The parent comment recommended StartSSL, I was simply stating my opinion of the company and informing people that there is a catch when using their service.
If you obtain a free certificate then $25 per certificate probably is an issue, especially since there is no guarantee that this won't happen again in the near future.
Many people probably have several subdomains which needed certificates; $25 per subdomain can add up quickly if you have several.
No, they were not obligated to offer revocation for free, but a significantly discounted price would have allowed a much larger percentage of people to revoke their certificates. It's not too much different from extortion, since many people who obtain free certificates are not aware that they might need to revoke a certificate; then they are basically screwed when they are forced to either pay up or have their server left insecure.
Hypothetical situation: if I start a free SSL cert service and put in my terms that there is a $1,000 revocation fee, would that be acceptable? Many people would sign up without thinking they would ever need to revoke a certificate. Then another Heartbleed-like situation occurs and many of your users have servers that are at risk without revocation. Would it be acceptable to say, "Oh well, pay up or else someone could hack your servers"?
StartSSL exploited their customers during a time of crisis (yes, servers leaking private information is a crisis) and they deserve the negative PR they are receiving from it.
Many people have even been proposing that StartSSL be removed from the trusted CA lists included with OSs and browsers since so many StartSSL certificates will remain unrevoked, and there is a valid point to that.
The private key could have been stolen at any time during the ~2 years that the Heartbleed vulnerability was present on the server.
This would allow for a MITM attack which would obtain user credentials and unauthorized access to a server.
Since the attack isn't recorded, it's unknown whether it was used extensively before it was made public. The time between announcement and patching was likely long enough that someone could have stolen the private key during that period as well.
This is also why re-using the same private key for the new certificate is a bad idea.
Think about the wide variety of sites that would use a free SSL certificate that might not have the funds for revocation. Almost every site I've ever seen has had people try to hack it.
There is a fairly decent chance that a very small site would not have someone steal its private key, but it's hard to make that assumption; that's why every site about Heartbleed suggests revoking the old certificates.
Why not just regenerate a key and get a new cert?
Why revoke the old one if all your services will just reject it? I mean, you can do it just to be sure you don't make a mistake. But beyond this, why?
Because the BROWSER is what's being attacked in a MiTM. To the server it just looks like a regular client connecting. It never sees the certificate the client saw. There is nothing for the server to reject.
1. Attacker steals the private key via heartbleed or other means
2. Attacker sets up their own server using the stolen private key
3. Attacker tricks a user into accessing their server rather than the real server via any of a number of methods, such as a compromised hotspot.
4. User provides their sensitive information to the attacker, thinking they're on the real site.
No server-side action can mitigate the risk of a stolen private key in the above scenario, since the user never communicates with the legitimate server. That said, most browsers ship with certificate revocation lists disabled by default, so revoking the certificate doesn't help nearly as many people as we'd like. But for people who do enable CRLs, they'll see the scary warning rather than their browser trusting the revoked cert.
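The scenario in the comment above, rebuilt end to end as an added example (this is not code from the thread or from any CA): a throwaway test CA issues a cert to example.com, the server rotates its key and cert after a leak, and a client then validates the old cert with and without a CRL. It also shows how to catch the mistake mentioned earlier in the thread, reusing the old private key for the "new" certificate. The CA name, the hostname example.com, the serial numbers and the 30-day lifetimes are all made-up values for the demo; it assumes only an `openssl` CLI (1.1.1 or 3.x).

```shell
#!/bin/sh
# Added example (not from the thread): simulate the Heartbleed key rotation
# with a throwaway CA to show (a) a rotated-but-unrevoked cert still passes
# ordinary chain validation, (b) what a CRL check changes, and (c) how to
# detect that the "new" cert reuses the old private key.
# Assumptions: `openssl` CLI present; CA name, example.com, serials and
# lifetimes are invented for this demo.
set -eu

WORK=$(mktemp -d)
cd "$WORK"

# Minimal config shared by `openssl req` and `openssl ca` (constructed here).
cat > pki.cnf <<'EOF'
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = test_ca
[ test_ca ]
database = index.txt
new_certs_dir = .
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_crl_days = 30
EOF
touch index.txt

# Throwaway root CA standing in for the public CA.
openssl req -config pki.cnf -x509 -newkey rsa:2048 -nodes -keyout ca.key \
  -out ca.crt -days 30 -subj "/CN=Throwaway Test CA" -extensions ca_ext 2>/dev/null

# issue KEYFILE CERTFILE SERIAL: sign a leaf cert for example.com with the CA.
issue() {
  openssl req -config pki.cnf -new -key "$1" -subj "/CN=example.com" -out "$2.csr" 2>/dev/null
  openssl x509 -req -sha256 -in "$2.csr" -CA ca.crt -CAkey ca.key \
    -set_serial "$3" -days 30 -out "$2" 2>/dev/null
}

# SHA-256 over the DER SubjectPublicKeyInfo; equal values mean the same key pair.
pubkey_fp() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 | awk '{print $NF}'
}

# Client-side checks. Every browser does the first; the second only happens
# when revocation checking is enabled.
verify_no_crl()   { openssl verify -CAfile ca.crt "$1" 2>/dev/null | grep -q ': OK$'; }
verify_with_crl() { openssl verify -crl_check -CAfile ca_with_crl.pem "$1" 2>/dev/null | grep -q ': OK$'; }

# 1. Pre-Heartbleed state: old.key is the key the attacker later extracts.
openssl genrsa -out old.key 2048 2>/dev/null
issue old.key old.crt 1000

# 2. Wrong rotation: new cert, same key. The stolen key still matches it.
issue old.key reused.crt 1001

# 3. Right rotation: fresh key, new cert.
openssl genrsa -out new.key 2048 2>/dev/null
issue new.key new.crt 1002

# 4. Revoke the old cert and publish a CRL; bundle it with the CA cert so
#    `openssl verify -crl_check` can find it in the trust store.
openssl ca -config pki.cnf -revoke old.crt 2>/dev/null
openssl ca -config pki.cnf -gencrl -crldays 30 -md sha256 -out ca.crl 2>/dev/null
cat ca.crt ca.crl > ca_with_crl.pem

report() {
  [ "$(pubkey_fp old.crt)" = "$(pubkey_fp reused.crt)" ] \
    && echo "reused.crt: SAME public key as old.crt, the leaked key still works"
  [ "$(pubkey_fp old.crt)" != "$(pubkey_fp new.crt)" ] \
    && echo "new.crt: fresh key pair"
  verify_no_crl old.crt && echo "old.crt without CRL: OK (attacker's MITM server still trusted)"
  verify_with_crl old.crt || echo "old.crt with CRL: rejected (revoked)"
  verify_with_crl new.crt && echo "new.crt with CRL: OK"
}
report
echo "work dir: $WORK"
```

Run it with `sh`. Note the point the comment makes: nothing the legitimate server does after rotation changes the first result, because the browser talking to the attacker's server only ever sees the old cert and the attacker's copy of old.key; only the client's own revocation check turns that connection into a warning.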