I've got problems getting our Tomcat application PCI compliant after installing an SSL certificate on the server.
After installing an SSL certificate on our server (that hosts multiple sites), one of our sites that is NON-SSL, on the same server, becomes PCI non-compliant. It seems like the PCI scan thinks the site is SSL due to the certificate installation on the server.
The description of the problem is as follows:
"The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all."
Note: This is considerably easier to exploit if the attacker is on the
same physical network.
"Reconfigure the affected application if possible to avoid use of weak
Is there a way to disable SSL for this specific Tomcat site that is hosted on the same server?
(To get PCI compliance for the site)