Dutch certificate authority KPN has ceased issuing secure sockets layer certificates after detecting a security breach on one of its servers.
The moratorium on new certificates, announced by KPN on Friday, comes after the company discovered that one of its servers had been hacked as much as four years ago.
There is no evidence that KPN's production of certificates was compromised, but this cannot be completely ruled out, the company said in a statement.
The server had been hacked to function as part of a command-and-control botnet, KPN indicated.
The company has replaced the servers. An independent investigation is also taking place to ensure the integrity of its certificates. The results should be available at the beginning of next week.
Multiple certificate authorities have been compromised this year, including Diginotar, which produced certificates used by Google and the Dutch government.