Update to SSL Certificate Tomorrow

A heads up for the LastPass community: Our SSL certificate for LastPass.com is due to expire soon, so we plan to rotate a new one in shortly.

For those who are interested, it will continue to be a Thawte Extended Validation Certificate (EV).

This is a behind-the-scenes change, so LastPass users should not see any interruption in service or functionality. Any reports or concerns, though, can be posted in the comments below or directed to our support team.

Thanks for tuning in,
The LastPass Team


  • Clark Gable says:

    Good post, thanks for the tips.

  • Anonymous says:

    I bet Microsoft just don’t want us accessing Twitter because they don’t own it (yet). The explanations do not pan out; I access sites with https all the time – no problem – bit they are making it awfully hard for us to access Twitter.

    • BanditQuest says:

      @anonymous Yes twitter has updated to SHA256 cert signing so you must be using an older OS that does not support this – it’s a pain that is going to get worse.

  • I just learned my Google Chrome browser and my LastPass extension are friends again. :)

    After dealing with Dashlane, which isn’t a bad product – but no where near as versatile and friendly as LastPass, you have no idea how big my smile became when I saw my lil red LP icon light up on Chrome.

    Thank you so much for making me whole again. Frankly, surfing without LP was a major pain. I love this program!

  • BanditQuest says:

    The recent (last 6 days) change to the certificate now shows it is key signed SHA1 so I am jumping for joy as that allows an old WIN XP SP2 (that does not support SHA256 signed keys) to sign on to lastpass.com home page on a CHROME browser. I do hope you don’t go to SHA256 key signing AGAIN breaking all 2 million machines (= 0.5% of XP stuck on SP2).

  • johnny appleseed says:

    I’m concerned that OpenSSL heartbleed bug has not been fixed at Lastpass. Can you please update us users about the status of your security?

  • steve says:

    +1 what Ivan said
    . Media reports lastpass as vulnerable. Fess up and advise what you are doing to fix!

    • Amber Gott says:

      Steve: Please see our newest blog post: blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html which addresses these concerns. If you’re seeing new media reports saying that LastPass is vulnerable, we’d appreciate a link so that we can follow up.