Heartbleed vulnerability (CVE-2014-0160) - are you affected?

Many of you are probably wondering if you have to worry about the Heartbleed vulnerability if you are hosted with HelpingHost.com.

The short answer is NO.

Heartbleed is a recently found vulnerability in the so called "TLS heartbeat extension" of OpenSSL. A piece of software installed on most web servers.

This TLS extension however was only added to OpenSSL in Version 1.0.1 and newer which means that older versions of OpenSSL simply do not have this featrure.

The infrastructure currently in production here at HelpingHost.com is based on CentOS 5 and Redhat Enterprise Version 5.

These operating systems are using a secure and fully vendor patched OpenSSL version 0.9.8e.

Because of this our servers (your websites) are NOT affected by the Heartbleed vulnerability  (CVE-2014-0160).

Add a comment

Joomla 3.3 is coming soon - Whats new?

  • One important change with Joomla 3.3 is the fact that it requires PHP 5.3.10 as a minimum.
    This means you should make sure you have set your website to run PHP 5.3 fastcgi or higher. (This is done in our hosting control panel. A setting per website)
  • Next, the Mootools javascript library has been completely replaced by JQuery.
  • Microdata - which will allows you to add contextual information to anything on your website using a clean standard.
    This in turn will make it easier for search engines to understand your website. For example adding an author name to an article.
  • 3rd party storage API. You will be able to store certain files such as Videos or Pictures on a service such as DropBox or Amazon S3.
  • Ability to have users edit modules in the frontend if you gave them permission.

What's new in Joomla 3.3 - An infographic by the team at JoomlArt.comJoomlArt.com

Add a comment

How to convert a IIS SSL certificate and Apache private Key into a PFX Certificate.

How to convert a IIS SSL certificate and Apache private Key into a PFX Certificate. So, you are in the unlikely situation of have an OpenSSL private key and a IIS PCB7 Certificate from a certificate Authority. You would like to install these two in IIS. Of course after an hour of trying to figure it out you will notice that it simply can not be done. You need to perform some conversions to turn the .cer and .key into an .pfx file. These are the steps:
  • First convert the issued certificate from the CA (its in the format of P7B mostly ending in .cer) into a pem file.
openssl pkcs7 -print_certs -in domainname.cer -out domainname.pem
  • Next, convert the pem certificate and the private key into the PFX cert.
openssl pkcs12 -export -out domainname.pfx -inkey private.key -in domainname.pem
  • The resulting domainname.pfx file can now be imported via the certificate MMC snap-in (Local Computer Account).
  • Once imported, just open the Website properties -> Directory Security Tab -> Server Certificate -> Assign an existing certificate.
  • Voila, you have just created and installed a pfx certificate from an PEM private Key and a P7B Certificate.
One last tip, if you ever have odd issues with a site not responding with an SSL certificate installed. Download and install Microsofts SSLDiag tool. It works great!
Add a comment
Handler : Shared memory (Apc)
Cache hits : 0 [N/A]
Cache misses : 0 [N/A]
Cache total : 0
Url added to cache : 0

Misses list