*** nowen (~nowen@adsl-98-66-183-205.asm.bellsouth.net) has joined #wikid | 14:39 | |
*** beckman68 (ada06522@gateway/web/freenode/ip.173.160.101.34) has joined #wikid | 14:51 | |
nowen | howdy beckman68 | 14:51 |
---|---|---|
beckman68 | I am doing a PCI scan and it is failing due to SSL cert. 1 because it's "self signed" the other because it is expired. Any idea how to get around this or can I get a cert for an IP address, it does not have a domain name | 14:53 |
nowen | Is this an internal scan? | 14:53 |
beckman68 | Good morning by the way. | 14:54 |
beckman68 | external | 14:54 |
nowen | morning ;) | 14:54 |
nowen | Do you need the WiKIDAdmin to be exposed externally? I recommend blocking it at your firewall | 14:54 |
beckman68 | I have even blocked HTTP and HTTPS from outside the network so I'm not sure how it is getting this info. | 14:55 |
nowen | hmm, the tokens use port 80, so if you did that, the users should notice ;) | 14:55 |
beckman68 | What ports need to be opened? | 14:56 |
nowen | externally, just 80 | 14:56 |
beckman68 | I'll need to look at that again then because I blocked it on the outside interface for inbound. | 14:57 |
nowen | run 'ifconfig' on the terminal to see what IPs are configured for the server. Could be there is more than the one you are expecting | 14:58 |
beckman68 | I'll check that now, thanks. | 14:59 |
beckman68 | OK the only port I have open is 80. So if that is open then I will need to have a cert because if you open a web page to the outside IP address it takes you to the HTTPS site. Any way around that? | 15:32 |
nowen | if you block 443, it will not redirect, right? | 15:33 |
beckman68 | OK I just blocked it and started another scan. This should take care of it, I think I had the order backwards. | 15:52 |
nowen | ok - and you can put your own cert in there if you want. it is /opt/WiKID/conf/tomcatKeystore. it just needs to be usable by tomcat | 15:52 |
nowen | but not exposing your WiKID server admin interface to the internet is better ;) | 15:53 |
beckman68 | No I don't want access to the admin site at all so this should be blocking it fine now. The scan will be done soon. | 15:55 |
*** nowen has quit (Quit: Leaving.) | 21:51 |