PCI compliance scans of port 443 may fail after you have configured the SSLCipherSuite directive in the Global Configuration section of WHM's Apache Configuration interface (WHM >> Home >> Service Configuration >> Apache Configuration). To troubleshoot this issue, check for other SSLCipherSuite entries in your
Troubleshoot scans of port 443
Check for SSLCipherSuite entries.
Search for SSLCipherSuite entries in the
httpd.conf file and users' SSL data files. To do this, run the following commands:
If either of these commands returns results, the scans failed because of these entries.
Remove the SSLCipherSuite entries.
Remove the existing SSLCipherSuite entries from the
httpd.conf file and users' SSL data files. To do this, perform the following steps:
- If the
httpd.conffile contained SSLCipherSuite entries, edit the
httpd.conffile to remove them.
If users' SSL files contained SSLCipherSuite entries, run the following command, where
userpathrepresents the path to a file that contained an SSLCipherSuite entry:
If you edited the
httpd.conf file, you must rebuild it. To do this, run the
Check for a global SSLCipherSuite entry.
After you perform these steps, only a single global SSLCipherSuite entry should exist on your server. To ensure that only one entry exists, run the following command:
Restart Apache and retry the scan.
To restart Apache, run the
/scripts/restartsrv_httpd script. Then, retry the port 443 scan.