As you may know, a vulnerability known as " Heartbleed " was recently dicovered in OpenSSL, through which an attacker can theoretically get the private key of SSL certificates.
We recommend a timely examination of the web server.
Please make sure that the OpenSSL version is updated. The replacement of the installed SSL certificates is in any case advisable. The server may not be compromised at the moment, however, the keys of the "old" certificates and other data from the memory could also be read, if the certificates are not be replaced.
Please note that
the vulnerability occurs in the web server tool OpenSSL, the EuropeanSSL certificates are of course still completely trustworthy.
You can replace your current SSL certificates free of charge. To do this, follow these steps:
- Update OpenSSL and make sure that the vulnerability no longer exists.
- Remove the certificate completely from your server.
- Create a new CSR
- Log in to your account EuropeanSSL and navigate to the certificate.
- Click on the button "Modify"
- There is a small popup window that opens in which the currently stored CSR is displayed. Please overwrite the current one with the newly generated CSR and confirm the changes by clicking on "change".
Please note that the validation of the certificate at a REPLACE becomes necessary again . After you have confirmed the Approvermail the certificate is reissued. We are happy to assist you here. Please send us the CSR unformatted over email to our support address . We are happy to provide you with your new certificate.
More information on this vulnerability can be found together with further technical details on: http://heartbleed.com/
With the following information , you can check quickly and reliably whether your server is affected.
What is affected?
Affected OpenSSL versions:
- 1.0.1 up to and including 1.0.1f.
Not affected OpenSSL versions:
The release of OpenSSL 1.0.1g from the 7th April 2014 closes this bug.
Is my site affected?
To find out if your site is affected, you can use a variety of reliable tools, such as test example http://filippo.io/Heartbleed/.
How do I fix the problem ?
Each system using one of the above affected OpenSSL versions should be updated via a patch. OpenSSL itself has released a patch which can be found on the official website : https://www.openssl.org/
Please note : It is imperative to update the OpenSSL software before you replace the EuropeanSSL certificates on the server.