Recent reports of the Debian OpenSSL weak-key vulnerability (see US-CERT and El Reg) give thorough and careful explanations of the issue. It's worth emphasising a few points:

• It's where the key was generated that matters, not where it is used. The weakness is in the private key, and a certificate simply carries the public half of that key. So if the key behind a certificate was generated on the affected Debian platform, you're affected even if the certificate is deployed on Windows or some other Unix.
• If the certificate was signed by your own private CA, generate a new key pair on an unaffected system and follow your standard replacement procedure. If it was signed by a public CA, you'll need to go through their certificate replacement procedure, again with a freshly generated key: reissuing a certificate over the same weak key changes nothing. It's encouraging that public CAs are taking a constructive attitude to this problem (see Verisign's press release and Thawte's reissue policy, for example).
• Don't forget to install the replacement key and certificate on every machine that uses them (a wildcard certificate, for example, is typically deployed on many hosts), and to revoke the old certificate once the replacement is in place.
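The three points above amount to a small procedure: find which keys are weak, find every host carrying them, and confirm that the replacement really is a new key. The script below is an added illustration written for this post, not the author's or Debian's own tooling (Debian shipped openssl-vulnkey and openssl-blacklist for the real check). It works on the `Modulus=` line printed by `openssl rsa -noout -modulus -in server.key` or `openssl x509 -noout -modulus -in server.crt`, so a key and the certificate issued for it give the same answer. The fingerprint convention (SHA-1 over that line, keeping the last 20 hex characters), the function names, and the sample moduli and blacklist are all assumptions or constructed data, as marked in the code.

```python
"""Weak-key check for the Debian OpenSSL problem: an added example, not the
post author's or Debian's own code.

Input is the line printed by
    openssl rsa  -noout -modulus -in server.key
or  openssl x509 -noout -modulus -in server.crt
i.e. "Modulus=<upper-case hex>". The fingerprint convention used here
(SHA-1 over that exact line, newline included, last 20 hex characters) is
modelled on Debian's openssl-vulnkey / openssl-blacklist but is an
ASSUMPTION: confirm it against the tool's source before feeding in a real
blacklist file.
"""
import hashlib
import re

MODULUS_LINE = re.compile(r"^Modulus=([0-9A-Fa-f]+)$")


def parse_modulus(openssl_output):
    """Extract the modulus (normalised to upper-case hex) from openssl output."""
    for line in openssl_output.splitlines():
        match = MODULUS_LINE.match(line.strip())
        if match:
            return match.group(1).upper()
    raise ValueError("no Modulus= line in input")


def blacklist_fingerprint(modulus_hex):
    """Fingerprint under the assumed convention: sha1('Modulus=<HEX>\\n')[-20:]."""
    line = "Modulus=%s\n" % modulus_hex.upper()
    return hashlib.sha1(line.encode("ascii")).hexdigest()[-20:]


def load_blacklist(text):
    """Parse a blacklist file: one fingerprint per line, '#' starts a comment."""
    entries = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower()
        if entry:
            entries.add(entry)
    return frozenset(entries)


def is_blacklisted(openssl_output, blacklist):
    """True if the key (or the key behind the certificate) is a known weak key."""
    return blacklist_fingerprint(parse_modulus(openssl_output)) in blacklist


def hosts_needing_replacement(deployments, blacklist):
    """Given {host: openssl modulus output}, list every host serving a weak key.

    A wildcard certificate deployed on ten hosts shows up ten times here; all
    ten need the new key and certificate, not just the one that was noticed.
    """
    return sorted(h for h, out in deployments.items() if is_blacklisted(out, blacklist))


def replacement_is_effective(old_output, new_output, blacklist):
    """Sanity-check a replacement: the new key must differ from the old one
    (a certificate reissued over the same weak key fixes nothing) and must
    not itself be blacklisted (i.e. it was generated on an unaffected box)."""
    old_mod = parse_modulus(old_output)
    new_mod = parse_modulus(new_output)
    return new_mod != old_mod and blacklist_fingerprint(new_mod) not in blacklist


# --- Constructed sample data (NOT real keys, NOT the real Debian blacklist) ---
WEAK_KEY_OUTPUT = "Modulus=" + "C0DE" * 64 + "\n"   # pretend: generated on affected Debian
GOOD_KEY_OUTPUT = "Modulus=" + "BEEF" * 64 + "\n"   # pretend: generated on an unaffected system
CERT_OF_WEAK_KEY = WEAK_KEY_OUTPUT                   # a certificate carries its key's modulus

# The sample blacklist is derived from the constructed weak key so the demo runs offline.
SAMPLE_BLACKLIST = load_blacklist(
    "# constructed sample blacklist, one fingerprint per line\n"
    + blacklist_fingerprint(parse_modulus(WEAK_KEY_OUTPUT)) + "\n"
    + "0123456789abcdef0123   # unrelated entry\n"
)

if __name__ == "__main__":
    fleet = {"web1": CERT_OF_WEAK_KEY, "web2": CERT_OF_WEAK_KEY, "mail": GOOD_KEY_OUTPUT}
    print("weak key?", is_blacklisted(WEAK_KEY_OUTPUT, SAMPLE_BLACKLIST))
    print("hosts to fix:", hosts_needing_replacement(fleet, SAMPLE_BLACKLIST))
    print("reissue over the same key helps?",
          replacement_is_effective(WEAK_KEY_OUTPUT, WEAK_KEY_OUTPUT, SAMPLE_BLACKLIST))
```

To use this against real material, pipe `openssl x509 -noout -modulus -in cert.pem` (or the `rsa` form for a key) into `is_blacklisted` with a blacklist loaded from the Debian package, once you have confirmed the fingerprint convention; the `replacement_is_effective` check is the one worth keeping around, since a reissued certificate that still carries the old modulus is the easiest mistake to make in a hurry.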

If you think you might be affected by this problem, don't ignore it. Grasping for a silver lining: at least you can treat this as a fire drill for a nastier occasion, such as your private key being stolen.