Heartbleed…. well….if you were vulnerable you need to replace (and importantly re-key) all your certificates that may have had their private keys revealed. Remember that although it is only OpenSSL that was vulnerable, if you use a certificate on multiple platforms, you will need to re-certificate everything, not just the devices running the now patched OpenSSL.
Not only is the task of identifying all your vulnerable devices a task in itself, finding where all your certificates are to begin the process of re-installation can be a pretty impressive feat on its own.
Scripting a discovery scan
The below bash script can be used to complete a scan against a list of IP addresses or DNS entries and will report back on the Common Name of the certificate installed.