httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Belmona, Nizar" <nbelm...@cscgroup.com>
Subject [users@httpd] SSL Certificate Validation
Date Thu, 08 Feb 2018 06:16:24 GMT
Dear users,
We are currently using Apache 2.2.22 (mod_ssl 2.2.22, OpenSSL/0.9.8t) and we have a security
concern since developers are able to bypass the SSL certificate verification when using HTTPS
calls. Kindly advise what configuration is needed to enforce the certificate verification?
In other words should anyone tries to bypass this verification, the call fails returning some
kind of error code.
Please note that our environment is a simple one; it consists of one web server with no proxies.

Your help is greatly appreciated.

Regards,


Nizar Belmona
Deputy Section Head

Card Management System Department | CSCBank SAL [cid:imaged5b512.JPG@243f48e4.45b02783]
t +961 1 742555 | ext. 1647 | f +961 1 352281
e nbelmona@cscgroup.com | w www.cscgroup.com
150 Commodore Street, Hamra | Beirut, 1103 2120, Lebanon

[cid:image358861.JPG@be4d6a98.4e95e270]

[cid:image48f45c.JPG@5ba7acc8.489e0939] Save a tree. Please consider the environment before
printing this email.


Mime
View raw message