M
magicalwonders
Hello,
I have a managed VPS running CENTOS 6.5 x86_64 virtuozzo with WHM 11.42.1 (build 5). I've tried to make sure my server is secured against the heartbleed bug, but I'm not sure if I'm completely there.
This is what I've done so far -
Performed a "yum update from command line to install the patched version of OpenSSL. That showed fix to CVE-2014-0160
In WHM, navigated to Home » Service Configuration » Manage Service SSL Certificates. Then clicked Reset Certificate for each service: FTP, Exim, cPanel/WHM/Webmail Service, and Dovecot.
Changed root password.
Rebooted server.
I tested the server using filippo.io/Heartbleed/ but got back the following -
Quote:
tls: oversized record received with length 20291
Had another look to see if I'd missed anything and spotted the advice - "check the SSL certificates in the Manage SSL Hosts interface of WHM."
When I navigate to SSL/TLS » Manage SSL Hosts, it shows the following -
Quote:
There are no secure sites configured on your server!
So now I'm a bit confused. Do I need to generate an SSL certificate and signing Request and install it? If so, is it just for the domain WHM is installed on?
Hope someone can advise.
Continue reading...
I have a managed VPS running CENTOS 6.5 x86_64 virtuozzo with WHM 11.42.1 (build 5). I've tried to make sure my server is secured against the heartbleed bug, but I'm not sure if I'm completely there.
This is what I've done so far -
Performed a "yum update from command line to install the patched version of OpenSSL. That showed fix to CVE-2014-0160
In WHM, navigated to Home » Service Configuration » Manage Service SSL Certificates. Then clicked Reset Certificate for each service: FTP, Exim, cPanel/WHM/Webmail Service, and Dovecot.
Changed root password.
Rebooted server.
I tested the server using filippo.io/Heartbleed/ but got back the following -
Quote:
tls: oversized record received with length 20291
Had another look to see if I'd missed anything and spotted the advice - "check the SSL certificates in the Manage SSL Hosts interface of WHM."
When I navigate to SSL/TLS » Manage SSL Hosts, it shows the following -
Quote:
There are no secure sites configured on your server!
So now I'm a bit confused. Do I need to generate an SSL certificate and signing Request and install it? If so, is it just for the domain WHM is installed on?
Hope someone can advise.
Continue reading...
