Dear opsi users,
we will give some answers concerning the ssl-heartbleed bug and opsi.
The opsi-client-agent is not (!) affected.
The opsi-server is affected, if it runs with an affected linux-version.
In this case, you should install the actual patches, of your server OS system
After updating the openSSl libraries the opsiconfd should be restarted
Code: Select all
/etc/init.d/opsiconfd restart
/etc/init.d/opsipxeconfd restart
You should also renew the opsi server certificate:
- If you use the mode veryfy_server_cert_by_ca (and bought a certificate at uib)
Please write us a mail (info(at)uib.de). We send you a new one.
Code: Select all
opsi-setup --renew-opsiconfd-cert
- If you use the mode veryfy_server_cert, the clients will refuse the connect.
Because of this, you have to delete the clients certificate cache:
Code: Select all
opsi-admin -d method hostControlSafe_opsiclientdRpc deleteServerCerts "" "*"
This method affects only the running clients. So you'll have to repeat if several times.
With kind regards,
Birgit Hubal