Due to the openssl heartbleed bug I have issued new (self-signed) openssl cert.

Hi there.

Yes. The warning that You just saw was caused by the new self-signed ssl cert. Why did I changed / re-issued it? Because of the openssl bug.

This server is (for a couple of days now – Install Date : Tue 08 Apr 2014 05:44:41 IST) using openssl 1.0.1.g-1 (fixed) version of the package. I have however decided to issue a new cert just in case the previous private keys have leaked. I have also changed all the passwords. Just a precaution I guess…

Is Your site affected? Test it here, here, here, here and here.

I did…

Andrzejl No Ip Org 30303 Heartbleed Test Results

Andrzejl No Ip Org 30303 Heartbleed Test Results

I have also decided that since I have (few months ago) upgraded to Apache 2.4 (finally!) it was time to re-test the SSL config against the Qualys SSL Labs standards and took their test… Results are even better then before… ;)…

Again – only the self signed SSL cert lowered my grade to F. Sometime in the future when I will change by broadband provider and I will get (almost) static IP I will buy a proper domain and I will get a proper SSL Certificate. For now – this will do JUST FINE.

On more positive note… As You can see on the screenshot from the Qualys SSL Test below my server is supporting Forward Secrecy with all the TLS 1.2 compatible (other suites are not allowed in my server config) browsers which means that even if someone was constantly listening / recording the traffic AND they stole / sniffed out the private keys the encrypted packets they have are still fairly safe…

SSL Labs Dot Com Test Result 002 Apache 24




"Never meet Your heroes. Most of the time you'll only end up disappointed." White Polak Male Husband Employee Hetero Carnivorous Fugly Geek @$$hole with ADD Catholic “Some men just want to watch the world burn.”

Comments are closed.