PCI Compliance Apache ssl.conf (Linux)

Making your ssl.conf compliant for PCI.

By default, your ssl.conf usually includes weak protocols, and it will not pass a PCI audit in that state. The fix is easy.

1. Make a backup of your current ssl.conf for rollback purposes

cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.`date +%y%m%d%H%M%S`

2. Verify your backup was created as expected

ls -l /etc/httpd/conf.d/ | grep ssl.conf

3. Edit the protocol and ciphersuite lines

Comment out:

#SSLProtocol all -SSLv2

Add in:

SSLProtocol -ALL +SSLv3 +TLSv1

4. Restart Apache

service apache restart

or

service httpd restart
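
Steps 1 to 3 as a script, added here as an example and not part of the original page. The function names are hypothetical, the default replacement line is the one given in step 3, and the file to edit is passed as an argument.

```sh
#!/bin/sh
# Added example: backup, comment-out and replace of the SSLProtocol line.
# Usage: set_ssl_protocol /etc/httpd/conf.d/ssl.conf ["SSLProtocol ..."]

# Default replacement: the directive from step 3 of the page.
PAGE_PROTOCOL_LINE='SSLProtocol -ALL +SSLv3 +TLSv1'

# Print every active (uncommented) SSLProtocol directive in the file.
active_ssl_protocol() {
    grep -E '^[[:space:]]*SSLProtocol[[:space:]]' "$1" | sed -E 's/^[[:space:]]+//'
}

# Back up the file, comment out each active SSLProtocol line and write the
# new directive directly below it, so it stays in the same <VirtualHost>.
# Prints the backup path on success.
set_ssl_protocol() {
    ssl_conf=$1
    ssl_new=${2:-$PAGE_PROTOCOL_LINE}
    ssl_backup="$ssl_conf.$(date +%y%m%d%H%M%S)"

    [ -f "$ssl_conf" ] || { echo "no such file: $ssl_conf" >&2; return 1; }
    # Refuse to touch a file that has no active directive to replace.
    if ! grep -Eq '^[[:space:]]*SSLProtocol[[:space:]]' "$ssl_conf"; then
        echo "no active SSLProtocol line in $ssl_conf" >&2
        return 1
    fi
    cp -p "$ssl_conf" "$ssl_backup" || return 1

    awk -v new="$ssl_new" '
        /^[ \t]*SSLProtocol[ \t]/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == new) { print; next }   # already set: leave as is
            print "#" $0                       # old value kept for rollback
            print new
            next
        }
        { print }
    ' "$ssl_backup" > "$ssl_conf.tmp" || return 1
    # cat into the original keeps its owner and mode.
    cat "$ssl_conf.tmp" > "$ssl_conf" && rm -f "$ssl_conf.tmp" || return 1
    echo "$ssl_backup"
}
```

Run apachectl configtest before the restart in step 4 so that a typo in the directive is caught while the old configuration is still being served. SSLv3 and TLSv1 have since been deprecated for PCI DSS, so pass the protocol line your current audit requires as the second argument.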