Chiptech Solutions wants to help make our customers aware of the Heartbleed Vulnerability that impacts users of the OpenSSL protocol.
A lot has been written about this exploit in the past few weeks, we want to ensure that Chiptech Hosted Services were all promptly upgraded and patched to eliminate the vulnerability.
For visitors who may be running OpenSSL services in their own environments, here are some helpful steps from GeoTrust to help identify which of your servers may be impacted by the vulnerability, and what you can do to help address the issue. As a reminder, the flaw is with the OpenSSL library, and not the related SSL certificates themselves. Re-issuing certificates within the affected environments is an extra security measure to protect your organization if the vulnerability had been exploited.
- Identify if your web servers are vulnerable (running OpenSSL versions 1.0.1 through 1.0.1f with heartbeat extension enabled). Use our SSL Toolbox to detect this. If you’re running a version of OpenSSL prior to 1.0.1, no further action is required.
- If your server is impacted, update to the latest patched version of OpenSSL (1.0.1g), or recompile OpenSSL without the heartbeat extension.
- Generate a new Certificate Signing Request (CSR).
- Reissue any SSL certificates for affected web servers using the new CSR (do this after moving to a patched version of OpenSSL).
- Install the new SSL certificate and test your installation.
- After the new certificate is successfully installed, revoke any certificates that were replaced.
- Website administrators should also consider resetting end-user passwords that may have been visible in a compromised server memory.
- Always refer back to the Knowledge Base for more information.
Chiptech Solutions hopes your team has taken the time to address this important vulnerability in a timely fashion. If you’re curious about how we can help your organization keep your core business applications more secure in our hosted environment, please contact us at (800) 295-0167 or fill out the Learn More form to the right.