Troubleshooting

Port 443 Scans

Important: In order to fully address this issue, it is important to understand SSLCipherSuite entries and their values. You can find the required reading at http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite.

If you have already configured SSLCipherSuite at the Apache Global Configuration screen and PCI compliance scans of port 443 do not pass, it may be due to other SSLCipherSuite entries in your httpd.conf file. To correct this problem, you will need to:
  1. Check for additional SSLCipherSuite entries in httpd.conf:
    • grep -i sslciphersuite /usr/local/apache/conf/httpd.conf
  2. Check your VirtualHosts:
    • grep sslciphersuite /var/cpanel/userdata/*/*_SSL
  3. If the previous step returned results, you may want to remove the existing SSLCipherSuite entries:
    • perl -pi -e 's{sslciphersuite:.*}{}ms;' path/to/file/from/step/2
  4. After removing unwanted SSLCipherSuite entries, rebuild your httpd.conf file:
    • /scripts/rebuildhttpdconf
  5. Ensure that there is only one global SSLCipherSuite entry:
    • grep -i sslciphersuite /usr/local/apache/conf/httpd.conf
  6. If there is only one global entry, restart Apache:
    • /scripts/restartsrv_httpd
  7. Retry the port 443 scan.
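
The checks in steps 1, 2 and 5 can be combined into one read-only audit. The script below is an added example, not cPanel tooling: its function names are hypothetical, the sample tree built by make_sample is constructed, and unlike the plain grep above it ignores commented-out SSLCipherSuite lines.

```shell
# Added example, not cPanel tooling: read-only audit for steps 1, 2 and 5.
# Function names are hypothetical; default paths are the ones used on this page.

# Active (non-comment) SSLCipherSuite lines in httpd.conf, printed as "lineno:text".
global_entries() {
    grep -inE '^[[:space:]]*sslciphersuite[[:space:]]' "${1:-/usr/local/apache/conf/httpd.conf}"
}

# Each userdata *_SSL file that carries its own sslciphersuite key (step 2).
vhost_overrides() {
    dir="${1:-/var/cpanel/userdata}"
    for f in "$dir"/*/*_SSL; do
        [ -f "$f" ] || continue
        if grep -q 'sslciphersuite:' "$f"; then printf '%s\n' "$f"; fi
    done
}

# Succeeds only when httpd.conf has exactly one entry and no vhost overrides it.
audit() {
    n=$(( $(global_entries "$1" | wc -l) ))
    o=$(( $(vhost_overrides "$2" | wc -l) ))
    echo "global entries: $n, vhost overrides: $o"
    [ "$n" -eq 1 ] && [ "$o" -eq 0 ]
}

# Constructed sample tree (not real server data): one commented line, two active
# lines in httpd.conf, and one userdata file with its own sslciphersuite key.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/userdata/alice" "$d/userdata/bob"
    printf '%s\n' '# SSLCipherSuite old value' 'SSLCipherSuite HIGH:!aNULL' \
        '<VirtualHost 192.0.2.10:443>' '  SSLCipherSuite ALL' '</VirtualHost>' > "$d/httpd.conf"
    printf '%s\n' 'servername: alice.example' 'sslciphersuite: ALL' \
        > "$d/userdata/alice/alice.example_SSL"
    printf '%s\n' 'servername: bob.example' > "$d/userdata/bob/bob.example_SSL"
    printf '%s\n' "$d"
}
```

Source the file and run audit with no arguments to check the live paths; a non-zero exit status means a duplicate or per-VirtualHost entry is still present.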
Topic revision: r3 - 06 Nov 2009 - 19:34:16 - Main.JustinSchaefer
 

Copyright © cPanel 2000-2010.