Problem

If you are using Desktop Central build #90000, you are vulnerable to Heartbleed. You should upgrade your Apache version in Desktop Central to get this fixed.

Note:

  1. If your Desktop Central build number is not 90000, you are NOT Vulnerable. Do NOT Upgrade your Apache.
  2. Apache version used in MDM Forwarding Server is also NOT Vulnerable to HeartBleed.

Cause

Heartbleed is a vulnerability in OpenSSL in some specific versions (version 1.01 to 1.01f). Services that use the affected versions of Apache are vulnerable

Resolution

Follow the steps below to upgrade your Apache version in Desktop Central

  1. Stop Desktop Central Server
  2. Rename <Desktop Central Server Home>/apache to apache_old
  3. Download the fix from the following URL: http://uploads.zohocorp.com/Internal_Useruploads/Desktop_Central/p18l8pb9ut133s1bbsg2aqebnjl0/apache-2.4.9-VC10.zip
  4. Extract it under <Desktop Central Server Home>
  5. Copy the server.crt, server.key and intermediate.crt files from apache_old to the apache directory. The intermediate.crt file will be there only if you have enabled 3rd party SSL in Desktop Central. If it is not there, copy the remaining two files.
  6. Edit the <Desktop Central Server Home>\conf\websettings.conf in an editor
  7. Add this line at the end and save: apache.upgrade=true
  8. Start Desktop Central Server.

Applies to: Heartbleed, OpenSSL vernerability

Keywords: Apache, Heartbleed, OpenSSL

Other KB articles 24/5 Support

Support will be available 24hrs a day and five days a week (Monday through Friday), excluding USA & India public holidays.

Tel : +1-888-720-9500
Email : desktopcentral-support@manageengine.com

Speak to us

  • Join the Desktop Central Community, to get instant answers for your queries, register with our Forum.
  • Look out for the latest happenings in Desktop Management, follow our Tweets on Twitter.
  • Get to know the latest updates and Best Practices in Desktop Management through our Blog.

我们的客户

展开