As you may know, a recent vulnerability known as "heartbleed" has been discovered in OpenSSL through which an attacker could theoretically gain access to the private keys of SSL certificates.
We recommend a timely check of the web server.
Please make sure that the OpenSSL version used there needs to be updated. The exchange (REPLACE) of the SSL certificates set up on the servers is advisable in any case, since the server does not have to be affected by this security gap, but the keys of the "old" certificates and other data could be read from the memory if the certificates are not exchanged.
Please note that the security hole in the web server tool OpenSSL occurs, the used EuropeanSSL certificates are of course still absolutely trustworthy.
Of course, you can exchange your current SSL certificates free of charge. Proceed as follows to do this.
Please note that the validation of the certificate becomes necessary again with a REPLACE. After you have confirmed the Approvermail, the certificate will be reissued to you. We are happy to help you with this. Please send us the CSR unformatted by email to our support address. We will be happy to reissue your certificate.
You will find further information about this security gap, together with further technical details, at: http://heartbleed.com/
With the following information you can quickly and reliably check whether your server is affected.
Affected OpenSSL versions:
Not affected OpenSSL versions:
The release of OpenSSL 1.0.1g on April 7, 2014 closes this bug.
Is my site affected?
You can test whether your site is affected using various reliable tools, such as http://filippo.io/Heartbleed/.
How do I fix the problem?
Every system that uses one of the above mentioned affected OpenSSL versions needs to be updated with a patch. OpenSSL itself has released a patch which you can find on the official website : https://www.openssl.org/
Please note: It is mandatory to update the OpenSSL software before you exchange the EuropeanSSL certificates on the server.