If you are using Desktop Central build #90000, you are vulnerable to Heartbleed. You should upgrade your Apache version in Desktop Central to get this fixed.
- If your Desktop Central build number is not 90000, you are NOT Vulnerable. Do NOT Upgrade your Apache.
- Apache version used in MDM Forwarding Server is also NOT Vulnerable to HeartBleed.
Heartbleed is a vulnerability in OpenSSL in some specific versions (version 1.01 to 1.01f). Services that use the affected versions of Apache are vulnerable
Follow the steps below to upgrade your Apache version in Desktop Central
- Stop Desktop Central Server
- Rename <Desktop Central Server Home>/apache to apache_old
- Download the fix from the following URL: http://uploads.zohocorp.com/Internal_Useruploads/Desktop_Central/p18l8pb9ut133s1bbsg2aqebnjl0/apache-2.4.9-VC10.zip
- Extract it under <Desktop Central Server Home>
- Copy the server.crt, server.key and intermediate.crt files from apache_old to the apache directory. The intermediate.crt file will be there only if you have enabled 3rd party SSL in Desktop Central. If it is not there, copy the remaining two files.
- Edit the <Desktop Central Server Home>\conf\websettings.conf in an editor
- Add this line at the end and save: apache.upgrade=true
- Start Desktop Central Server.
Applies to: Heartbleed, OpenSSL vernerability
Keywords: Apache, Heartbleed, OpenSSL