Certificate issuing stopped at KPN after server break-in discovered
The certificate authority (CA) belonging to KPN Corporate Market, a subsidiary of Dutch telecommunications provider KPN, has announcedDutch language link that it has stopped issuing Secure Socket Layer (SSL) certificates because hackers bypassed the CA's security mechanisms and compromised one of its servers. When performing a thorough review that was prompted by other recent Certificate Authority break-ins, the CA discovered programs which are used for DDOS attacks on other computers. The evidence discovered so far indicates that the break-in at KPN happened four years ago and has remained undetected since then.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump