Page tree
Skip to end of metadata
Go to start of metadata

Overview

Important

To fully address this issue, you must understand SSLCipherSuite entries and their values. For more information, read Apache's mod_ssl documentation.

PCI compliance scans of port 443 may fail after you have configured the SSLCipherSuite directive in the Global Configuration section of WHM's Apache Configuration interface (WHM >> Home >> Service Configuration >> Apache Configuration). To troubleshoot this issue, check for other SSLCipherSuite entries in your httpd.conf file.

Notes:

Troubleshoot scans of port 443


Check for SSLCipherSuite entries.

Search for SSLCipherSuite entries in the httpd.conf file and users' SSL data files. To do this, run the following commands:

grep  -i sslciphersuite /usr/local/apache/conf/httpd.conf
grep sslciphersuite /var/cpanel/userdata/*/*_SSL

If either of these commands returns results, the scans failed because of these entries.

 


 

Remove the SSLCipherSuite entries.

Remove the existing SSLCipherSuite entries from the httpd.conf file and users' SSL data files. To do this, perform the following steps:

  • If the httpd.conf file contained SSLCipherSuite entries, edit the httpd.conf file to remove them.
  • If users' SSL files contained SSLCipherSuite entries, run the following command, where userpath represents the path to a file that contained an SSLCipherSuite entry:

    perl -pi -e 's{sslciphersuite:.*}{}ms;' userpath

 


 

Rebuild the httpd.conf file.

If you edited the httpd.conf file, you must rebuild it. To do this, run the /scripts/rebuildhttpconf script.

 


 

Check for a global SSLCipherSuite entry.

After you perform these steps, only a single global SSLCipherSuite entry should exist on your server. To ensure that only one entry exists, run the following command:

grep -i sslciphersuite /usr/local/apache/conf/httpd.conf

 


 

Restart Apache and retry the scan.

To restart Apache, run the /scripts/restartsrv_httpd script. Then, retry the port 443 scan.


Additional documentation

There is no content with the specified labels

Error rendering macro 'contentbylabel' : parameters should not be empty

There is no content with the specified labels

There is no content with the specified labels