Be aware that your private key might already have leaked without any notice. So your best bet is to withdraw your certificates and renew all keys/certificates on the affected machines.Yes, I suppose by now everybody has read the general hints on heartbleed.com ; it might even be that previous traffic can be decrypted. You need to change private keys, certificates, etc, all that is used by openssl to identify the communication partner.
JC
