The original post: /r/nginx by /u/Elegant-Arthur100 on 2024-06-24 06:34:21.
So we have Nginx servers that were flagged during pentests as they have expired SSL certs installed.
The thing is - they expired years ago, and they are for localhost only (so when they query the public IP of the box itself on port 443 using the openssl command, they get that information for their tests). There are some other services configured with separate certs that are up to date, but I just wonder if I can somehow just hide or stop responding to openssl queries when they test the localhost IP address? Because if those certs are years out of date, that means nobody uses that SSL connection anyway, correct? I have the same issue on Apache servers - would it be possible to block that SSL traffic to localhost there as well?