April 29, 2014 - 4:00 pm. Posted by Robert Jenkins
With the recent Heartbleed security vulnerability affecting a significant part of the world’s secured internet traffic, most companies have been taking the precaution of renewing their SSL certificates as it is possible to compromise the keys for these certificates using the Heartbleed vulnerability.
Unfortunately, many browsers won’t automatically check for revoked certificates (including the most popular Google Chrome). We highly recommend you change the default setting to automatically check for revoked certificates. We provide a quick walk-through for Chrome below although similar settings exist for most major browsers so do check if you aren’t a Chrome user also.
Firstly, open your Chrome browser settings from the drop-down on the top right of your browser.
Under the ‘Advanced Settings’ section at the bottom of the settings option page, select ‘Check for server certificate revocation.’
There is a small performance hit from your browser checking SSL certificates on load every time but given that most of the world’s certificates changed this last month it’s definitely a situation that’s in favour of changing this to setting ‘on’ at least for the next few months while certificates refresh.