When I submit a CSR for an SSL certificate I purchased, I receive the error "The CSR uses a key that is believed to have been compromised!" What does this mean and how do I resolve it?


Recently, it was discovered that the random number generator used by the version of OpenSSL packaged with the Linux distribution Debian was predictable.

Since private keys generated with this random number generator can be predicted, they are a security risk to any site that uses an SSL certificate based on a key from this version of OpenSSL. As a courtesy, we now check every CSR submitted to us to see whether its key matches the patterns produced by this number generator.

If you receive this error during configuration, it means that your CSR was generated from a private key that was created with the affected version of OpenSSL. Debian has since released a fix for this problem, and updating to the latest version of OpenSSL should resolve the issue.

Once you've updated to the newest version of OpenSSL, generate a new private key, create a new CSR from it, and submit that CSR as normal; the error should no longer appear. A new CSR built from the original private key will still be rejected, because the key itself, not the CSR, is what is predictable.
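To check a key yourself before submitting, the following added example (not the certificate vendor's or Debian's own code) reproduces the fingerprint-and-blocklist check: it assumes the scheme used by the Debian openssl-blacklist tooling, namely SHA-1 over the exact `Modulus=<HEX>` line that `openssl rsa -noout -modulus` prints, keeping the last 80 bits. The moduli and blocklist entries below are constructed placeholders, not real weak keys; point `load_blacklist` at a real `blacklist.RSA-2048` file to check a production key.

```python
import hashlib
import subprocess
from typing import Iterable, Set


def weak_key_fingerprint(modulus_hex: str) -> str:
    """Fingerprint an RSA modulus as the Debian openssl-blacklist tooling
    does (assumed scheme): SHA-1 over "Modulus=<UPPERCASE HEX>\n", keeping
    only the last 80 bits (20 hex digits) of the digest."""
    line = "Modulus=" + modulus_hex.strip().upper() + "\n"
    return hashlib.sha1(line.encode("ascii")).hexdigest()[20:]


def load_blacklist(lines: Iterable[str]) -> Set[str]:
    """Parse blacklist.RSA-<bits> style input: one fingerprint per line,
    '#' comments and blank lines ignored."""
    entries = set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip().lower()
        if entry:
            entries.add(entry)
    return entries


def is_blacklisted(modulus_hex: str, blacklist: Set[str]) -> bool:
    """True if the modulus matches a known predictable-PRNG key."""
    return weak_key_fingerprint(modulus_hex) in blacklist


def modulus_from_csr(csr_path: str) -> str:
    """Extract the modulus hex from a PEM CSR via the openssl CLI
    (not exercised offline; requires openssl on PATH)."""
    out = subprocess.run(["openssl", "req", "-in", csr_path, "-noout", "-modulus"],
                         check=True, capture_output=True, text=True).stdout
    return out.strip().split("=", 1)[1]


# Constructed placeholders: a 2048-bit-sized hex string standing in for a
# weak modulus and another for a good one. Neither is a real RSA modulus.
SAMPLE_WEAK_MODULUS = "C0FFEE" * 85 + "01"
SAMPLE_GOOD_MODULUS = "DEADBEEF" * 64
# Constructed blocklist; a real one ships in the openssl-blacklist package.
BLACKLIST = load_blacklist([
    "# constructed blocklist for this example",
    weak_key_fingerprint(SAMPLE_WEAK_MODULUS),
])

if __name__ == "__main__":
    for name, mod in (("weak", SAMPLE_WEAK_MODULUS), ("good", SAMPLE_GOOD_MODULUS)):
        print(name, "-> blacklisted:", is_blacklisted(mod, BLACKLIST))
```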

You can read more about the security notice sent out by Debian here: http://www.debian.org/security/2008/dsa-1571
