Owing to the recent severe bug in Debian's OpenSSL implementation, VeriSign is offering free reissuance of certificates. Patching the flawed software is not enough: certificates containing public keys generated by the buggy versions of OpenSSL have to be revoked and replaced with new copies generated by fixed versions of the software. For customers of trusted certificate authorities this also means having the CA resign the certificate. CAs normally charge for revoking and replacing certificates, but because a software error is involved, VeriSign is not charging for revocation and replacement of VeriSign, Thawte, GeoTrust, and RapidSSL SSL Certificates. This includes code signing certificates as well as SSL certificates.