I’ve had to mitigate the effects of the recently discovered Heartbleed bug on two Ubuntu servers. It’s actually very easy to fix. Unfortunately most articles out there have a lot of technical fluff and drone on about version numbers and such. So here’s the short version of how to fix Heartbleed on Ubuntu (this should work for most other server OSes too).
sudo apt-get update && sudo apt-get upgradewill update and upgrade your packages including OpenSSL (non-Ubuntu users just use your package manager – by now all the major OSes have patched OpenSSL versions in their repositories)
Now check to make sure you have the fixed version by running
openssl version -b. If you see the date as April of 2014 you’re good to go.
Generate a new CSR and key file, send it to your SSL provider, and ask them to reissue your certificates.
Install the new SSL certificates.
That’s it. Enjoy the rest of your day.