OpenSSL Vulnerability and SSL Certificate Changes

You’ve likely already heard about the recent OpenSSL vulnerability called Heartbleed. We have no indication that any of our systems were compromised, and we’ve taken the best measures we can to ensure integrity throughout. As always, it’s worth noting that it’s never a bad idea to cycle your passwords.

As part of our security updates, we will be revoking our current SSL certificate. This has been a long time coming, and this has just pressed the issue. Unfortunately, this means that anyone who had to update their keychains with our SSL certificate will have to go through the process again. While this doesn’t affect all users, it’s important to be aware of this transition.

Primarily, if you’re a user of raven-java, or you’ve explicitly enabled ssl verification in any other clients, you’ll want to ensure that our new certificate is registered on your servers before April 14th when we do the cutover.

For more information, as well as links to obtain the new certificates, visit our SSL documentation. Whether you want to debug Ruby, do Node error tracking, or handle an obscure Java exception, we’ll be working hard to provide the best possible experience for you and your team with Sentry!