You’ve possibly heard about the OpenSSL exploit (commonly referred to as “Heartbleed”) affecting many web servers across the world.
We at Nexcess wanted to update you on what we are doing to address the issue.
We have already patched any of our servers that could have been affected. For more details about the patch, please see our blog post from yesterday:
Since there is no way to detect if a site had any data exploited due to this recent OpenSSL vulnerability, if you purchased the SSL certificate through Nexcess, we are going through all affected servers and automatically submitting a re-key request on your behalf. All you need to do is validate the ssl re-key request when you receive the SSL validation email.
Please note, other clients are also requesting re-keys, so it might be a few days before the certificate is re-keyed and installed. We appreciate your patience in this process as our SSL vendors are also dealing with a high volume of re-keys at this time.
If you did not purchase the SSL through Nexcess, you will need to contact your SSL vendor and ask them to re-key the certificate for you. We will then be happy to install the re-keyed certificate if you need assistance doing so.
Once your SSL certificate has been re-keyed and installed, we then suggest changing your passwords (and not just on our systems, but everywhere on the web).
Please feel free to email firstname.lastname@example.org if you have any questions or concerns.