CILogon and the OpenSSL Heartbleed Bug

Post date: Apr 9, 2014 1:04:40 PM

The CILogon service is not directly impacted by the OpenSSL Heartbleed Bug. The web servers use an OpenSSL version that is not vulnerable, and the CILogon CA private keys are protected by hardware security modules. However, CILogon relies on over 100 InCommon/OpenID identity providers for user authentication, and some of those identity providers may be impacted. InCommon is providing advice to its members at If you suspect a certificate issued by CILogon may be compromised, please contact to request certificate revocation. As always, please contact if you have any questions or concerns about the CILogon service.