I'm working on doing some upgrade testing to mitigate the Heartbleed issue and some other vulnerabilities. Part of that is updating OpenSSL, but I'm a bit confused about something and am hoping that someone can help me. I've done at least a dozen internet searches and can't find the answer. It's probably simple, but I'd like to find out anyway.
What do I need to do in order to update the version of OpenSSL that is included in the Apache HTTP server release? I've installed OpenSSL 1.0.1g on the server, but the older version is still in the apache /bin directory. Do I simply replace the openssl executable or is there some kind of change that needs to be made in the httpd.conf file to point to the newer installation?