Domain says NO SSL yet PCI scan sees a cert

DenRomano

I turned SSL OFF for a domain as I do not need it for this domain, BUT a PCI scan of that domain reports it sees a cert with a name LOCAL.

I thought if I went to a domain with https that DA has SSL turned off for, I would get a server error, but I get an IE error that the cert is not trusted and does not match the domain name in the URL.

This is the site

https://www.keyphonesdirect.com/
 
Hello,

I wonder what your question is. Since you did not specify your question, I can only clarify the situation. By default, Apache as installed and configured by DirectAdmin listens on both ports 80 and 443 (on all IPs), and even if your domain has no SSL enabled, Apache will still respond to requests, unless your domain has a dedicated IP with port 443 disabled for it. And if there is no virtual host for the domain on port 443, you will see the default page of the server (this is the page which you see).
 
That answered my question. I thought if DA had SSL turned off it would not listen on that port.

So I still need to solve the problem for the PCI scan. The scan is finding a self-signed cert on the server and failing. How do I find where the cert is so I can remove it?
 
If you just physically remove the cert, it will make it impossible to start Apache. If you don't use SSL for any domains on your server, you'd better block port 443 with your firewall.
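Added example, not part of the original thread: a small Python parser that shows which Apache virtual host, and therefore which `SSLCertificateFile`, answers an HTTPS request for a given hostname, including the fallback to the first port-443 vhost described above. The config text, hostnames and paths are constructed for illustration and are not DirectAdmin's real layout; address matching is simplified to the port only.

```python
import re

# Constructed sample config; hostnames and paths are illustrative placeholders.
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
    ServerName localhost
    SSLCertificateFile /example/conf/server.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName shop.example.com
    ServerAlias www.shop.example.com
    SSLCertificateFile /example/certs/shop.example.com.crt
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName nossl.example.com
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return vhost dicts in file order: addresses, names, certificate path."""
    vhosts = []
    for addrs, body in VHOST_RE.findall(conf):
        names = []
        for m in re.finditer(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I):
            names += m.group(1).lower().split()
        cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", body, re.M | re.I)
        vhosts.append({"addrs": addrs.split(), "names": names,
                       "cert": cert.group(1) if cert else None})
    return vhosts

def answering_vhost(vhosts, host, port=443):
    """Vhost that answers `host` on `port`: a name match, else the first on that port."""
    on_port = [v for v in vhosts if any(a.endswith(f":{port}") for a in v["addrs"])]
    for v in on_port:
        if host.lower() in v["names"]:
            return v, True
    return (on_port[0], False) if on_port else (None, False)

def cert_for(conf, host):
    """(certificate path presented for host, whether a vhost names that host)."""
    vhost, matched = answering_vhost(parse_vhosts(conf), host)
    return (vhost["cert"] if vhost else None), matched

if __name__ == "__main__":
    for h in ("nossl.example.com", "www.shop.example.com"):
        print(h, cert_for(SAMPLE_CONF, h))
```

A result with `matched` set to `False` is the case a PCI scanner flags here: the hostname has no port-443 vhost of its own, so the server's default certificate is presented instead.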
 