On April 6th 2014, an important problem (that is now public) was discovered in the OpenSSL library. This vulnerability allows an attacker to recuperate an SSL private key and other sensitive information by establishing a secure connection to the vulnerable server.
Less than 12 hours after the public announcement of this vulnerability’s existence, all of our infrastructures were updated with the required “patch”. After leading multiple tests, we can confirm that the vulnerability is no longer present on the entirety of our platform.
The short period of time that has elapsed between the moment the vulnerability was identified and the security update on our infrastructures (as well as the series of tests leading to putting the patch into place), allow us to state that the integrity of your services and your SSL certificates do not need to be questioned.
That being said, Funio still decided, as a precautionary measure, to generate new SSL certificates for our own secured pages (such as https://hub.funio.com). Although our confidence level was already very high, changing our certificates ensures us that there is no way for any malevolent entity to exploit the vulnerability. Therefore, this was an additional measure undertaken to ensure the security of your personal information and data.
Your Preventive Measures
Even if we think it is not essential, if you wish to proceed with the modification of your SSL certificate, follow the instructions below based on your situation:
- If you purchased a Funio SSL Certificate that was installed automatically to your Panelbox server, communicate with our support team and we will proceed to change the certificate for you.
- If you submitted your own CSR and installed your certificate manually on your Panelbox server, you will have to generate a new CSR based on a new Private Key. Then, contact our support team with the new CSR so we can proceed with the rest.
- If you use an SSL certificate from another provider and hosting on your Funio account, you will have to contact your certificate authority and ask for the procedure on how you can reissue your certificate.
Also, if you accessed the Customer Hub or your cPanel on April 6th, even if nothing indicates that there was any intrusion on our secured pages, you can also go ahead and modify your passwords preventively.
More Information
If you wish to know more about SSL certificates with Funio in general, as well as installation guides, you are welcomed to visit our Knowledge Base. You will find precise documentation to guide you through SSL certificate management.
All the details on this OpenSSL vulnerability is available on heartbleed.com.
If you have any questions or concerns about your Funio services, do not hesitate to contact us!
