Badly entered SSL certificate can take down whole apache server
Hi Falko, Till and everybody,
It appears to me that any client in ispconfig3, whether intentionally/maliciously or accidentally can take down the entire apache server (and therefore all client sites) through entering a badly configured ssl certificate for their own site. Is this the case or am I missing something?
Of course, if this is the case, this can be a serious situation where all client sites go down whenever an individual enters their certificate wrongly, and even if an accident they cannot fix it through the web interface if ispconfig is on the same apache server.
Questions:
If this is indeed the case that a badly entered ssl will bring down the entire apache server, then:
Is there a way to remove ssl functionality from the clients control panels in order to block this from happening with or without hacking core?
Is there a better way to deal with this that I am missing, or should I file a bug report/ feature request?
Thanks for all the hard work on ispconfig3,
Thomas
PS I've searched the forum and manual and seen that this has happened to other people but have found no solution to stop this from being able to happen...but I have possibly/probably missed something?
Last edited by teoverton; 23rd April 2012 at 14:36.
Reason: typo
|
English | 
Deutsch
Threaded Mode
Recent comments
18 hours 21 min ago
1 day 3 hours ago
1 day 4 hours ago
1 day 8 hours ago
1 day 12 hours ago
1 day 12 hours ago
1 day 15 hours ago
2 days 1 hour ago
2 days 6 hours ago
2 days 7 hours ago