The Citrix Blog
Blogs for Chris Mayers [ Blogs | Profile ]

posted by Chris Mayers

Recent reports of the Debian SSL vulnerability (see US-CERT and El Reg) give thorough and careful explanations of the issue.  It's worth emphasising a few points:

  • It's where the keys are generated that matters, not where the keys are used. So if you generated a certificate (that is, its key pair) on the affected Debian platform, you're affected, even if the certificate is used on a Windows platform or some other Unix.
  • If the certificate was signed by your private CA, just follow your own standard replacement procedure. If the certificate was signed by a public CA, you'll need to go through their certificate replacement procedure. It's encouraging that public CAs are taking a constructive attitude to this problem (see Verisign's press release and Thawte's reissue policy, for example).
  • Don't forget to install the replacement certificate on all machines that need it (for example, if it is a wildcard certificate deployed on several servers).

If you think you might be affected by this problem, don't ignore it. If there is a silver lining, it is that you can treat this as a fire drill for a nastier occasion, such as your certificate's private key being stolen.


posted by Chris Mayers

There's recently been a fair amount of discussion on security and Presentation Server installation, with some insightful responses (see Brian Madden's blog entry). One point about the original posting: it was concerned with attacks from authenticated users only. An Internet attacker has to jump the authentication hurdle first. That's why strong authentication is so important for Internet-facing deployments.

The book Citrix Access Security for IT Administrators (ISBN-13: 978-0-07-148543-2) is a great resource for planning and securing your setup. Several Internet-facing configurations are described. It doesn't cover everything: we had to leave out Access Gateway because it didn't fit the editorial timetable; and those with specific regulatory requirements will also want to refer to the Common Criteria documentation, and the Security Standards and Deployment Scenarios documents, at https://www.citrix.com/security.

And yes, this edition of the book covers Presentation Server 4.0. We'd love to do a second edition for Presentation Server 4.5 and later. Getting into print is a lot of work, so we'd like to know first whether you like this kind of security material in book form, or delivered some other way. The Common Criteria documentation and the Security Standards and Deployment Scenarios document are already posted for Presentation Server 4.5. Let us know your thoughts.

Also, since this book was written, we launched the Citrix Ready program. Take a look at the Citrix Ready Products Guide for third-party information - there's a section for security products.

Finally, consider whether SmartAuditor is a good fit for your organization. It's a powerful tool for addressing the risks from authenticated users. At this time, it is a feature of the Platinum Edition of Presentation Server - see Citrix Presentation Server Editions.
