3

Does the Heartbleed Bug in OpenSSL affect ALL SSL certs, regardless of where I purchased or if I self-cert?

For example, if I bought an SSL certificate from GoDaddy and set this up on my server following their Apache tutorial (http://support.godaddy.com/help/article/5238/installing-an-ssl-certificate-in-apache), is this vulnerable to being exploited via Heartbleed?

bwright
  • 153

1 Answer

7

The bug has no relation to certificates themselves. The bug is in the implementation of the OpenSSL library, which makes it possible for a malicious attacker to retrieve the private key of the server and other confidential information.

With the private key, the attacker can impersonate your web site, and possibly eavesdrop on the traffic between your server and the client.

So, if your server had a vulnerable version of the OpenSSL library, your private key might have been leaked and it is safest to regenerate the private key and get new corresponding certificates.
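
Regenerating the key, as the answer recommends, only helps if the replacement certificate is issued for a genuinely new key pair; a certificate reissued from the old key carries the same exposure. The following is an added example, not part of the original answer, that uses the `openssl` command line to create a new key and CSR and to check that a replacement does not hold the old public key. The file names, the CN and the helper function names are hypothetical.

```bash
# Added example, not from the original answer. File names and the CN are hypothetical.

# Print the SHA-256 fingerprint of the public key inside a certificate, CSR or
# private key, so the three kinds of file can be compared with one another.
pubkey_fp() {
    local kind="$1" file="$2" pub
    case "$kind" in
        cert) pub=$(openssl x509 -in "$file" -noout -pubkey) ;;
        csr)  pub=$(openssl req  -in "$file" -noout -pubkey) ;;
        key)  pub=$(openssl pkey -in "$file" -pubout) ;;
        *)    echo "unknown kind: $kind" >&2; return 2 ;;
    esac || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Generate a brand-new key pair (readable by the owner only) and a CSR for it.
new_key_and_csr() {
    local key="$1" csr="$2" cn="$3"
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$key" ) 2>/dev/null &&
        openssl req -new -key "$key" -subj "/CN=$cn" -out "$csr"
}

# Exit 0 only if the replacement (kind: csr, cert or key) holds a public key
# different from the one in the old, possibly exposed certificate.
is_rekeyed() {
    local old new
    old=$(pubkey_fp cert "$1") && new=$(pubkey_fp "$2" "$3") || return 2
    [ "$old" != "$new" ]
}

# Constructed sample data in directory $1: a throwaway "old" key and
# self-signed cert, plus a CSR that wrongly reuses the old key.
make_sample() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/old.key" 2>/dev/null &&
    openssl req -x509 -new -key "$1/old.key" -subj "/CN=www.example.test" -days 1 -out "$1/old.crt" &&
    openssl req -new -key "$1/old.key" -subj "/CN=www.example.test" -out "$1/reused.csr"
}

# Usage: d=$(mktemp -d); make_sample "$d"
#        new_key_and_csr "$d/new.key" "$d/new.csr" www.example.test
#        is_rekeyed "$d/old.crt" csr "$d/reused.csr"   # fails: same key as before
#        is_rekeyed "$d/old.crt" csr "$d/new.csr"      # succeeds: key was replaced
```

Running `is_rekeyed old.crt cert reissued.crt` against the certificate the CA sends back confirms the same thing for the issued certificate before it is deployed.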