PCI non-compliant Apache Tomcat site after installation of SSL certificate on server

I've got problems getting our Tomcat application PCI compliant after installing an SSL certificate on the server.
After installing an SSL certificate on our server (that hosts multiple sites), one of our sites that is non-SSL, on the same server, becomes PCI non-compliant. It seems like the PCI scan thinks the site is SSL due to the certificate installation on the server.



The description of the problem is as follows:
"The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all."

Note: This is considerably easier to exploit if the attacker is on the
same physical network.

General Solution:
"Reconfigure the affected application if possible to avoid use of weak
ciphers."


Is there a way to disable SSL for this specific Tomcat site, that is hosted on the same server?
(To get PCI compliance for the site)
dianyk Asked:
dianyk (Author) Commented:
Issue solved. All I needed to do was to change the cipher accepted in server.xml
vinsvin Commented:
Depending on your needs, you can come up with an SSLCipherSuite line that handles the job for you.

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite

dianyk (Author) Commented:
It was an easy configuration in the server.xml. 100% solution
Question has a verified solution.
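
An added example, not part of the original thread: a short Python check over a Tomcat server.xml that lists TLS-enabled Connectors whose `ciphers` attribute still names suites with weak or no encryption, which is what the scan finding quoted in the question reports. The sample file, the function name `audit_server_xml` and the weak-suite pattern are assumptions made for illustration, and the check expects comma-separated JSSE cipher names.

```python
import re
import xml.etree.ElementTree as ET

# Markers for suites with no encryption or keys under 128 bits (JSSE naming).
# Assumed pattern for this example; 3DES and AES suites do not match it.
WEAK = re.compile(r"_NULL_|EXPORT|DES40|_DES_CBC_|RC4_40|RC2")

# Constructed sample server.xml, not taken from the original post.
SAMPLE = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
                        SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_WITH_NULL_SHA"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>"""

def audit_server_xml(xml_text):
    """Return {port: [findings]} for every TLS-enabled Connector."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to audit
        # The cipher list sits on the Connector or on nested SSLHostConfig elements.
        lists = [conn.get("ciphers")] + [h.get("ciphers") for h in conn.iter("SSLHostConfig")]
        lists = [c for c in lists if c]
        findings = []
        if not lists:
            findings.append("no explicit cipher list; Tomcat/JVM defaults apply")
        for value in lists:
            for suite in (s.strip() for s in value.split(",")):
                if suite and WEAK.search(suite):
                    findings.append("weak suite: " + suite)
        report[conn.get("port")] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_server_xml(SAMPLE).items():
        print(port, "OK" if not findings else findings)
```

A connector reported with an empty list names only suites the pattern accepts; rerun the PCI scan after editing server.xml and restarting Tomcat to confirm the finding clears.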