PCI uncompliant Apache Tomcat site after installation of SSL certificate on server

Posted on 2011-10-31
Last Modified: 2012-05-12
I've got problems getting our Tomcat application PCI compliant after installing an SSL certificate on the server.
After installing an SSL certificate on our server (which hosts multiple sites), one of our non-SSL sites on the same server becomes PCI non-compliant. It seems like the PCI scan thinks the site is SSL due to the certificate installation on the server.

The description of the problem is as follows:
"The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all."

Note: This is considerably easier to exploit if the attacker is on the
same physical network.

General Solution:
"Reconfigure the affected application if possible to avoid use of weak

Is there a way to disable SSL for this specific Tomcat site, that is hosted on the same server?
(To get PCI compliance for the site)
Question by: dianyk

    Expert Comment

    Depending on your needs, you can come up with an SSLCipherSuite line that handles the job for you.


    Accepted Solution

    Issue solved. All I needed to do was to change the cipher accepted in server.xml

    Author Closing Comment

    It was an easy configuration in the server.xml. 100% solution
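
As an added example (not code from this thread or from the Tomcat project), one way to check a server.xml for the condition the scan reported: the script lists every SSL-enabled `Connector` that either has no `ciphers` attribute or lists a weak suite. The sample server.xml, its ports and keystore path, and the weak-token list are constructed assumptions; `SSLEnabled` and `ciphers` are Tomcat's JSSE Connector attributes.

```python
import xml.etree.ElementTree as ET

# Assumed policy: name tokens that mark a JSSE cipher suite as weak or unencrypted.
WEAK_TOKENS = {"NULL", "anon", "EXPORT", "EXPORT1024", "DES", "DES40", "RC4", "RC2", "MD5"}

# Constructed sample server.xml: ports, keystore path and cipher lists are illustrative.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" keystoreFile="conf/example.jks" />
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" keystoreFile="conf/example.jks"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA" />
    <Connector port="10443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" keystoreFile="conf/example.jks"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA" />
  </Service>
</Server>
"""

def weak_suites(cipher_attr):
    """Return the suites in a comma-separated ciphers attribute that contain a weak token."""
    suites = [s.strip() for s in cipher_attr.split(",") if s.strip()]
    return [s for s in suites if WEAK_TOKENS & set(s.split("_"))]

def audit(server_xml):
    """Map connector port -> list of findings for SSL-enabled connectors only."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector: no cipher negotiation to audit
        port = conn.get("port")
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # Without an explicit list the JVM's default suites apply.
            findings[port] = ["<no ciphers attribute: JVM default suites apply>"]
        elif weak_suites(ciphers):
            findings[port] = weak_suites(ciphers)
    return findings

if __name__ == "__main__":
    for port, issues in audit(SAMPLE_SERVER_XML).items():
        print(f"Connector port {port}: {', '.join(issues)}")
```

Connectors it reports are the ones whose `ciphers` attribute needs an explicit list of strong suites before the next scan.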
