Heartbleed Bug - How to make your SSL encrypted site secure again.

As you may know, a recent vulnerability known as "heartbleed" has been discovered in OpenSSL through which an attacker could theoretically gain access to the private keys of SSL certificates.

We recommend a timely check of the web server

Please make sure that the OpenSSL version used there needs to be updated. The exchange ("REPLACE") of the SSL certificates set up on the servers is advisable in any case, since the server does not have to be affected by this security gap, but the keys of the "old" certificates and other data could be read from the memory if the certificates are not exchanged.

Of course, you can exchange your current SSL certificates free of charge. Proceed as follows to do this.

1. Update OpenSSL and make sure that the vulnerability no longer exists.
2. Remove the certificate completely from your server.
3. Create a new CSR
4. Log in to your EuropeanSSL account and call up the certificate.
5. Click on the button "Modify".
6. A small popup window opens in which the currently stored CSR is displayed. Please overwrite the existing CSR with the newly generated one and confirm the changes by clicking the "Change" button.
   
   

You will find further information about this security gap at: https://en.wikipedia.org/wiki/Heartbleed

With the following information you can quickly and reliably check whether your server is affected.

Affected OpenSSL versions:

• 1.0.1 up to and including 1.0.1f.

Not affected OpenSSL versions:

• 1.0.1g
• 1.0.0
• 0.9.8

The release of OpenSSL 1.0.1g on April 7, 2014 closes this bug.

Is my site affected?

You can test whether your site is affected using various reliable tools, such as https://filippo.io/Heartbleed/.

How do I fix the problem?

Every system that uses one of the above mentioned affected OpenSSL versions needs to be updated with a patch. OpenSSL itself has released a patch which you can find on the official website : https://www.openssl.org/