1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel & Heartbleed - message for hosts!

Discussion in 'Web Hosting' started by fatboy, Apr 14, 2014.

  1. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,227
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Sorry for dumping this in here, if its in the wrong place please feel free to move it - just seemed the right place to try for!

    On some servers I manage (mainly Centos 6.5), the normal cPanel upgrade / yum update hasn't been updating OpenSSL to a non-vulnerable version (1.0.1g) so I had a dig about and to do it via SSH, follow these steps:

    Code:
    cd /usr/src
    wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz -O openssl-1.0.1g.tar.gz
    tar -zxf openssl-1.0.1g.tar.gz
    cd openssl-1.0.1g
    ./config
    make
    make test
    make install
    
    To check if you have the latest version, type:

    Code:
    openssl version
    
    You should see version 1.0.1g
    If you see the old version still, follow these steps:

    Code:
    mv /usr/bin/openssl /root/
    ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
    
    Try
    Code:
    openssl version
    
    again and you should now see the new version.

    Thats not it - you now have to reissue the certificates being used with WHM / cPanel for the secure ports.

    To do this bit, log into WHM and find the option on the left hand side that is 'Manage Service SSL Certificates'.
    On each of the services listed, click the 'Reset Certificate' link to the right, they will be reset using the non-vulnerable version of OpenSSL


    Normal get out of jail free clause: this has worked for me across multiple servers but your experience may be a lot different! When using CentOS I use version 6.5 64bit.

    Hope that helps someone!
     
    • Thanks Thanks x 3
    Last edited: Apr 14, 2014
  2. Roshaen

    Roshaen Elite Member

    Joined:
    Sep 24, 2012
    Messages:
    2,238
    Likes Received:
    1,351
    Location:
    Please Pray For My DAD
    Thanks a lot.
    I hope this will definitely help some web host owners.
     
    • Thanks Thanks x 1
  3. baoxiao99

    baoxiao99 Newbie

    Joined:
    Nov 19, 2013
    Messages:
    15
    Likes Received:
    2
    Home Page:
    Useful information, just in time
     
  4. HerpDerpSlerp

    HerpDerpSlerp Power Member

    Joined:
    Mar 19, 2013
    Messages:
    778
    Likes Received:
    623
    As soon as the heartbleed bug went public I made sure all my servers was running the patched version of openssl. This is good information for all.