Hi,
There is a security hole in the prior OpenSSL versions, so you can upgrade OpenSSL by doing the following set of commands in shell:
openssl version
Most should be 0.9.7a. If you find a different version such as 0.9.8, please email
dedicated@lunarpages.com to ask an admin what to do.
mkdir /root/setup && cd /root/setup
wget http://www.openssl.org/source/openssl-0.9.7k.tar.gz
tar -xvzf openssl-0.9.7k.tar.gz
cd openssl*
./config
make
make install
For ./config, make and make install commands, allow the command to process and complete prior to going onto the next command.
Then restart Apache however you normally do so, usually it would be the following:
/etc/init.d/httpd stop
killall -9 httpd
/etc/init.d/httpd startssl
If your server does not have /etc/rc.d/init.d symlinked to /etc/init.d, you would need to instead use /etc/init.d/rc.d for the command path. If your server does not have startssl on it, use start instead for the last command part.
Browse to a secure page on the server to test other than cPanel or WHM (provided you have any secure pages using https).
vi /etc/yum.conf
Edit the exclude line to encompass openssl so it isn’t overwritten by the old version by doing
Esc+i keys:
exclude=mod_ssl* httpd* perl mysql* php* spamassassin* kernel* exim* courier* apache* openssl*
Your listing order might differ, the only important thing is basically adding the
openssl* at the end of the exclude= line as the above example shows. You wouldn't remove or add any other ones not already in the exclude line.
Save the file (
:wq in vi).
If you have any issues arise, please let us know by sending a ticket to
dedicated@lunarpages.com or by posting those questions here.
Thanks.
