forum.opsi.org

Dear opsi users,

we will give some answers concerning the ssl-heartbleed bug and opsi.

The opsi-client-agent is not (!) affected.

The opsi-server is affected, if it runs with an affected linux-version.
In this case, you should install the actual patches, of your server OS system
After updating the openSSl libraries the opsiconfd should be restarted

Code: Select all
/etc/init.d/opsiconfd restart
/etc/init.d/opsipxeconfd restart


You should also renew the opsi server certificate:

- If you use the mode veryfy_server_cert_by_ca (and bought a certificate at uib)
Please write us a mail (info(at)uib.de). We send you a new one.

Code: Select all
opsi-setup --renew-opsiconfd-cert

- If you use the mode veryfy_server_cert, the clients will refuse the connect.
Because of this, you have to delete the clients certificate cache:

Code: Select all
opsi-admin -d method hostControlSafe_opsiclientdRpc deleteServerCerts "" "*"

This method affects only the running clients. So you'll have to repeat if several times.

With kind regards,
Birgit Hubal