Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Fixing OpenSSL vulnerabilities in Apache? |
|
| Author |
|
alexjohnb
Joined: 26 Aug 2011
Posts: 22
Location: Middlesex University
|
 Posted: Tue 27 Sep '16 14:44 Post subject: Fixing OpenSSL vulnerabilities in Apache? |
 |
|
I have two secure Apache web servers which apparently have OpenSSL vulnerabilies.
One expert has told me that I can address these by merely upgrading Apache and OpenSSL; there is no need to obtain a new certificate -- I can continue to use the existing certificates.
Another expert has told me that, as well as upgrading Apache and OpenSSL, I should also obain a new SSL Certificate with a CSR generated by the later version of OpenSSL.
So who is correct?
Many thanks. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
| Posted: Tue 11 Oct '16 21:34 Post subject: |
|
|
| You don't need a new SSL cert if it is still valid. |
|
| Back to top |
|
|
|
|
|
|
