CentOS – PCI compliance "SSL Certificate Cannot Be Trusted" fail

Tags: centos, pci-dss, ssl

The server is a CentOS box with the default LAMP stack running. A PCI scan lists this as a fail:

 SSL Certificate Cannot Be Trusted https (443/tcp)
 Severity: Medium
 Notes: none

We don't actually have an SSL cert, nor do we attempt to use SSL on this box.
Is it just a case of closing port 443? If so, what's the best way to go about that, Apache conf?

Update

I have commented out Listen 443 from /etc/httpd/conf.d/ssl.conf and 443 now appears to be closed. If anyone has any criticisms etc., please post…

Best Answer

Turn it off in the web server config, then it won't be listening on the port. I would expect that you'd fail a decent PCI scan if you don't have SSL protection on any part of the site that handles credit card data, though, so you might want to look into doing SSL properly.
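An added example, not part of the question or this answer, of the step described in the update and recommended here: comment out the mod_ssl listener in ssl.conf with a backup, then verify that no active Listen 443 directive remains before restarting httpd. The path /etc/httpd/conf.d/ssl.conf is the one from the question; the function names and the sample config in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Disables the mod_ssl listener in an
# httpd ssl.conf and checks that no active "Listen 443" directive is left behind.
# Assumed default file: /etc/httpd/conf.d/ssl.conf (CentOS); pass another path as $1.

# Print every uncommented Listen directive for port 443 in the given file.
# Matches "Listen 443", "Listen 443 https", "Listen 0.0.0.0:443", "Listen [::]:443";
# does not match "Listen 4430" or lines already commented out.
active_listen_443() {
    grep -nE '^[[:space:]]*Listen[[:space:]]+([0-9.]+:|\[[0-9a-fA-F:]+\]:)?443([[:space:]]|$)' "$1"
}

# Comment out each active Listen-443 directive in place, keeping a timestamped backup.
# Returns 0 when the file no longer has an active 443 listener, 1 if one survived,
# 2 if the file does not exist.
disable_listen_443() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)"
    sed -i -E 's/^([[:space:]]*)(Listen[[:space:]]+([0-9.]+:|\[[0-9a-fA-F:]+\]:)?443([[:space:]]|$))/\1# \2/' "$conf"
    if active_listen_443 "$conf" >/dev/null; then
        echo "an active Listen 443 directive remains in $conf" >&2
        return 1
    fi
    return 0
}

# After "apachectl configtest" and a restart, confirm nothing is bound to 443.
# ss comes from iproute; netstat is the fallback on older CentOS releases.
port_443_listening() {
    { ss -tln 2>/dev/null || netstat -tln 2>/dev/null; } | grep -qE '[:.]443[[:space:]]'
}

# Usage as root (assumed path):
#   disable_listen_443 /etc/httpd/conf.d/ssl.conf && apachectl configtest && service httpd restart
#   port_443_listening && echo "443 still open" || echo "443 closed"
```

Other files under /etc/httpd can also carry a Listen directive, so run active_listen_443 against each *.conf there, not only ssl.conf, before trusting the result.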
