Making a website in ISPConfig PCI compliant

Discussion in 'ISPConfig 3 Priority Support' started by webguyz, Jul 26, 2016.

  1. webguyz

    webguyz Active Member HowtoForge Supporter

    Have a customer send me a pdf of PCI scan results where there were a lot of failures. Has anyone recently had to make a site PCI compliant? The PCI scanner company was Trustwave. Website is on Wheezy and some of the failures indicate that things are fixed in Apache 2.4

  2. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Remove self-signed-certs, check hostnames for the ssl-certs, disallow TLS 1, check the ssl cipher-suites, close port 3306.... usually, you see the detected problems in the report. You can not "secure" a single website. Most "problems" are related to the server itself and ispconfig does not (and should not) change all relataed configs.
    webguyz likes this.

Share This Page