TR-06 - DigiNotar incident and general SSL/TLS security consequences (September 2011)

You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.


CIRCL is accredited TI CIRCL is a FIRST member CIRCL is an OASIS member


It appears that recently an attacker or a group of attackers gained access to the certificate management infrastructure of the Dutch Certificate Authority (CA) ‘DigiNotar’. The attacker issued several certificates for high profile sites. These certificates can be used to intercept information on communication paths that are usually trusted for their integrity and authenticity. It is highly advised to install all available browser and operating system updates and to remove the compromised DigiNotar CA certificate.

Who is affected?

All systems using SSL/TLS and having DigiNotar Root CA installed.

Prerequisite for a successful attack

A man-in-the-middle situation must be created to successfully exploit the situation. This can be achieved by getting control over the local machine, the local network, the transient network to the destination or the domain name service.

Required action

All system components dealing with SSL/TLS should be updated as soon as possible. Operating system vendors and browser vendors started updating their products. If you really want to be on the safe side, remove the DigiNotar CA certificate from your certificate store.

Remaining risk

The attacker claimed to have access to other Certification Authorities. We currently expect to receive more information in the future. Please check back to this website regularly.

Contact us

If you have a question, issue or suspicion regarding this or other security topics, don’t hesitate to contact us.

Initial investigations