What should I do about the Heartbleed bug for the sites I run?

The recently announced Heartbleed bug in OpenSSL affects many sites (70% of the internet).

There's a website:

http://www.heartbleed.com

There's a web-based test:

http://filippo.io/Heartbleed/

What should I do to protect the sites that I run?


You should:

  • Update your system to the latest OpenSSL version
  • Generate new keys and certificates for services relying on OpenSSL and restart them
  • Revoke former certificates
  • Invalidate all established sessions

Stolen from a Reddit comment.

  1. Update your system:

    sudo apt-get update
    sudo apt-get upgrade
    
  2. Reboot the server

  3. `openssl version -a` to make sure you have the latest version!!
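
The restart and reboot steps in the answers above matter because a process started before the upgrade keeps the old libssl mapped in memory until it is restarted. The following is an added example, not part of the original answers, that lists such processes on a system where rebooting is not immediately possible. It assumes Linux with `/proc` and needs root to read other users' processes; the function name `stale_ssl_pids` is hypothetical.

```shell
#!/bin/sh
# Added example: find processes still running a pre-upgrade copy of OpenSSL.
#
# When the package manager replaces libssl/libcrypto on disk, processes that
# loaded the old file keep it mapped. The kernel then shows that mapping in
# /proc/<pid>/maps with a trailing " (deleted)". Those processes are still
# executing the old library code and must be restarted.

# stale_ssl_pids [PROC_ROOT]
# Prints "PID NAME" for every process whose maps file references a deleted
# libssl or libcrypto shared object. PROC_ROOT defaults to /proc; it is a
# parameter only so the function can be run against a constructed tree.
stale_ssl_pids() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        # Skip unmatched globs and processes that exited in the meantime.
        [ -r "$maps" ] || continue
        if grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' \
                "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            pid="${pid##*/}"
            # comm holds the short process name; fall back to "?" if absent.
            name="$(cat "$root/$pid/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Check the live system (or the directory given as the first argument).
stale_ssl_pids "${1:-/proc}"
```

Empty output means no running process still maps the replaced library; any PID listed belongs to a service that needs a restart before the upgrade takes effect for it.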