Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "Security/Heartbleed" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/Security/Heartbleed?action=diff&rev1=1&rev2=2 This is an easy 2-step process: - 1. Update OpenSSL to a version that includes the fix. The natural version number for this is 1.0.1g, though some package maintainers have chosen to back-port their fixes to versions with a lower patch-level. Among such maintainers are Debian and probably also Debian-based distributions such as Ubuntu. + 1. Update OpenSSL to a version that includes the fix. The natural version number for this is 1.0.1g, though some package maintainers have chosen to back-port their fixes to versions with a lower patch-level. Among such maintainers are Debian and probably also Debian-based distributions such as Ubuntu. - + - 2. Re-key your server. This means creating a new RSA or DSA server key, creating a new CSR for your Certificate Authority, and applying for a replacement certificate. All CAs allow for the revocation of a server certificate due to “key compromise” which is exactly the reason for the re-keying of your server. You should be able to obtain a replacement certificate at no charge, though free-certificate providers may charge a fee for revocation/replacement. + 1. Re-key your server. This means creating a new RSA or DSA server key, creating a new CSR for your Certificate Authority, and applying for a replacement certificate. All CAs allow for the revocation of a server certificate due to “key compromise” which is exactly the reason for the re-keying of your server. You should be able to obtain a replacement certificate at no charge, though free-certificate providers may charge a fee for revocation/replacement. == Is there anything else I need to do? == --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
