On Monday, April 7th, the OpenSSL Project released an update to address a serious security issue – CVE-2014-0160
– nicknamed “Heartbleed”.
PA Server Monitor, PA Storage Monitor and PA File Sight all use OpenSSL as part of the internal HTTPS server.
On April 10th, we released version 5.4 of each of the above applications, which now use the patched version of OpenSSL – version 1.0.1g.
Upgrading to version 5.4 will install the fixed OpenSSL version which will fix the Heartbleed issue. With Heartbleed, it is possible that someone may have obtained server certificates. Because of that, it’s recommended that everyone affected create new SSL certificates. If you are using the default self-signed certificate, this can be done most easily by:
- Stop the monitoring service
- Delete the CA folder in your product folder (C:\Program Files\PA Server Monitor, C:\Program Files\PA Storage Monitor or C:\Program Files\PA File Sight)
- Restart the monitoring service.
It will take approximately one minute to create a new CA folder with the appropriate certificates. After the new certificates are created, monitoring will resume and you’ll be able to connect with the Console.
Software Affected by Heartbleed
For all three of the above mentioned products:
- Versions 3.x and 4.x are NOT affected (an older version of OpenSSL was used which did not have the Heartbleed flaw).
- Versions 5.0.x.x to 5.3.0.192 ARE affected.
- Version 5.4.0.148 and newer are NOT affected.
If you are currently using version 5.x that is older than 5.4.0.148, upgrade to the latest production release. Upgrading will keep your databases, configuration and licenses intact.
You can get the latest version at:
PA Server Monitor: /servermonitor/download.aspx
PA Storage Monitor: /storage-monitor/download.aspx
