Miva Merchant Community Forums
Miva Empresa Security Bulletin
You may or may not be aware that DigiNotar, a certificate authority, had their root CA key stolen and used to generate bad certificates. You can read about it on their Wikipedia page:http://en.wikipedia.org/wiki/DigiNotar
The default certificates packaged with all Miva Empresa versions since 5.07 include the DigiNotar certificate, which makes us vulnerable to man in the middle attacks using their compromised certificates.
We will be removing the certificates from future versions of Miva Empresa. In the interim you can fully protect yourself and your customers by deleting those certificates from the certs/ directory.
The files that need to be removed are:
Miva Empresa versions 5.11 through 5.15:
Miva Empresa versions 5.07 through 5.10:
Once those files are removed from the Miva Empresa Certs Directory then your software is no longer vulnerable to this attack in any way.
If you are an Annual Retail License customer who's hosted with Miva Merchant, Hostasaurus or SimpleNet, then we've already deleted these files from your Certs directory and no action is needed on your part.