Hongkong Post e-Cert
Home Contact Us Sitemap 繁體中文 简体中文 Text Mode
A A A


Certizen Limited

Hongkong Post

Level Double-A conformance, W3C WAI Web Content Accessibility Guidelines 2.0
 
 

Date: 16 May 2014

Support Arrangement on the Replacement Service for e-Cert (Server)

In early April 2014, the vulnerability (known as "Heartbleed bug"), identified in OpenSSL software library, has drawn high attention globally.

In wake of the Heartbleed bug vulnerability, Hongkong Post Certification Authority (HKPCA) will offer a replacement service for e-Cert (Server) certificates to both existing e-Cert (Server) subscribers and new applicants who have existing SSL certificates.

The support arrangement on the replacement service is summarized as follows:

Period 16 May 2014 until 1 September 2014
Customers Existing subscribers New applicants who have other SSL certificate installed
Support Arrangement Provision of replacement e-Cert (Server), with free subscription fee within the validity period of original e-Cert(Note 1) (Note 2). Provision of replacement e-Cert (Server) , with free subscription fee within the validity period of original e-Cert (Note 1)(Note 2). A HK$150 pre-payment(Note 3) is applied.
How-to Apply

1. Call our hotline service 2921 6633 or through email enquiry@hongkongpost.gov.hk to check eligibility of offer and to receive an offer letter.

2. Authorized Representative submits the e-Cert (Server) application form and the offer letter (and HK$150 for new applicants) to any Post Office.

(Note 1: Subscription fee of the e-Cert (Server) certificate will be waived for the validity period of the original SSL certificate. Subscribers will be charged for the remaining validity period of the replacement e-Cert (Server) certificate pro-rated on a monthly basis. An invoice will be sent to the subscriber directly two months prior to the expiration of the previous SSL Certificate for successful application.)

(Note 2: The type of the e-Cert (Server) certificate will be consistent with the original SSL certificate. For applicants who have existing certificates with one domain name or above, e-Cert (Server) or e-Cert (Server) with "Multi-domain" feature will be issued, while for the ones who have existing wildcard SSL certificates, e-Cert (Server) with "Wildcard" feature will be issued.)

(Note 3: The pre-payment will be deducted when subscriber is charged for the remaining validity period of the replacement e-Cert (Server) certificate. If no payment is received, pre-payment will not be refunded.)

Charges are prorated on a monthly basis and are calculated by multiplying the number of remaining months of validity of the e-Cert (Server) certificate. An invoice will be sent to the subscriber directly two months prior to the expiration of the previous SSL Certificate. If no payment is received, we reserve the rights, and will suspend the Replacement e-Cert (Server).

Examples:

1. For e-Cert (Server) certificate with "Multi-domain" feature, assuming this certificate only with 1 domain name and if the validity of the current SSL Certificate is on 25 May 2016 and the replacement 3-year e-Cert (Server) certificate with "Multi-domain" feature has a validity period from 15 May 2014 to 15 May 2017, the number of remaining months of validity of the replacement e-Cert (Server) certificate would be 12 months (i.e. June 2016 to May 2017). The subscriber would be charged pro-rated on a monthly basis, at HK$250 per remaining month, for a total of HK$3,000(Note 4) .

2. For e-Cert (Server) certificate with "Wildcard" feature, if the validity of the current SSL Certificate is on 25 May 2016 and the replacement 3-year e-Cert (Server) certificate has a validity period from 15 May 2014 to 15 May 2017, the number of remaining months of validity of the replacement e-Cert (Server) certificate with "Wildcard" feature would be 12 months (i.e. June 2016 to May 2017). The subscriber would be charged prorated on a monthly basis, at HK$725 per remaining month, for a total of HK$8,700(Note 4) .

(Note 4: the pre-payment, as HK$150, will be deducted from the total payment for the new applicants.)

For enquiry, please call Hongkong Post Certification Authority hotline at 2921 6633 or email to enquiry@hongkongpost.gov.hk.

Frequently Asked Questions

1. We don’t know whether our website is vulnerable by Heartbleed bug. Can you help us?

The systems or devices using SSL/TLS encryption may be affected by the vulnerability, some examples are websites with HTTPS or SSL-VPN gateways for remote access. Ordinary websites without using HTTPS are not affected.

Customers can perform checking on all relevant systems or devices using the following websites:

https://www.ssllabs.com/ssltest/

A warning as shown below will be displayed if the system or device is affected:

"This server is vulnerable to the Heartbleed attack. Grade set to F. (Experimental)"

Or customers may provide a URL of the website to our technical support for verifying whether the website is vulnerable to the Heartbleed bug.

2. If our website is vulnerable by Heartbleed bug, what should we do?

Customers are advised to follow the following steps:

  1. patch the system/device/software that is using OpenSSL with an updated or unaffected version;
  2. As the vulnerability could allow remote unauthenticated attackers to steal information protected by SSL/TLS encryption, suggest to apply for a new e-Cert (Server) certificate following the normal application procedure;
  3. deploy the new e-Cert (Server) in the affected server, and
  4. revoke the original SSL certificate. For existing e-Cert (Server) subscribers, instruction can be found at HKPCA website and request revocation online.

3. We are using SSL certificate which has not expired yet. Do I need to pay more for the new e-Cert (Server)?

A support arrangement for saving the unused validity period of an existing SSL certificate is available to customers. Customers need only to pay for the period after the validity date of the original SSL certificate pro-rated on monthly basis. The pre-payment fee will be deducted from the total payment for the new applicants. An invoice will be sent to the subscriber directly two months prior to the expiration of the previous SSL Certificate. If no payment is received, pre-payment will not be refunded. We also reserve the rights, and will suspend the e-Cert (Server).

4. We want to apply for the support arrangement. What is the criteria and application procedure?

The support arrangement is applicable to organizations that is (1) Bureaux and Departments of the Government of Hong Kong SAR, or holding a valid business registration certificate issued by the Government of the Hong Kong SAR, or statutory bodies of Hong Kong whose existence is recognized by the laws of Hong Kong SAR ( "Subscriber Organisation" ); and (2) owner of a domain name (hold by "Subscriber Organisation"); and (3) holder of any SSL certificate, including non-Hongkong Post issued e-Cert (Server) (hold by "Subscriber Organisation"). Customers can call our hotline service 2921 6633 or through email enquiry@hongkongpost.gov.hk to apply.

5. I want to perform testing on our servers with e-Cert (Server) before purchase. Can I get any assistance?

Customers may call our hotline service 2921 6633 for enquiry / registration.