View Single Post
  #1  
Old 23rd April 2012, 15:35
teoverton teoverton is offline
Junior Member
 
Join Date: Mar 2011
Posts: 9
Thanks: 4
Thanked 0 Times in 0 Posts
Default Badly entered SSL certificate can take down whole apache server

Hi Falko, Till and everybody,

It appears to me that any client in ispconfig3, whether intentionally/maliciously or accidentally can take down the entire apache server (and therefore all client sites) through entering a badly configured ssl certificate for their own site. Is this the case or am I missing something?
Of course, if this is the case, this can be a serious situation where all client sites go down whenever an individual enters their certificate wrongly, and even if an accident they cannot fix it through the web interface if ispconfig is on the same apache server.

Questions:
If this is indeed the case that a badly entered ssl will bring down the entire apache server, then:

Is there a way to remove ssl functionality from the clients control panels in order to block this from happening with or without hacking core?

Is there a better way to deal with this that I am missing, or should I file a bug report/ feature request?

Thanks for all the hard work on ispconfig3,
Thomas

PS I've searched the forum and manual and seen that this has happened to other people but have found no solution to stop this from being able to happen...but I have possibly/probably missed something?

Last edited by teoverton; 23rd April 2012 at 15:36. Reason: typo
Reply With Quote
Sponsored Links