在AWS上删除恶意SSL证书
[英]Removing Rogue SSL Certs on AWS
问题描述
I have a client site set up on AWS with multiple servers running HTPPS behind an Elastic Load Balancer. 
我在AWS上建立了一个客户端站点,其中有多个服务器在Elastic Load Balancer后面运行HTPPS。 At some point, someone from the client's team attempted to update the SSL Cert by installing a new one directly on one of the servers (instead of in the ELB). 有时,来自客户团队的某人试图通过直接在其中一台服务器上(而不是在ELB中)安装新证书来更新SSL证书。
I was able to upload a new cert to the ELB, but when traffic is directed towards the server with the improperly installed cert, it triggers a security warning. 我能够将新证书上传到ELB,但是如果将流量定向到安装了错误证书的服务器,则会触发安全警告。
No one can seem to answer who attempted this install, how they went about, or where they installed it. 似乎没有人可以回答尝试安装此软件的人,进行的方式或安装位置。
What's the best way to go about finding and removing it? 找到并删除它的最佳方法是什么?
Thanks, 谢谢,
ty TY
1 个解决方案
解决方案1
0 已采纳 2017-01-31 20:45:22
If it's installed on the server, it has very little to do with AWS. 如果它安装在服务器上,则与AWS无关。 I see you tagged the question with apache so I assume the server is running Apache Web Server. 我看到您用apache标记了问题,因此我假设服务器正在运行Apache Web Server。 You will have to connect into that server and remove the SSL settings from the Apache Web Server configuration, just like you would with an Apache Web Server install anywhere else. 您将必须连接到该服务器并从Apache Web Server配置中删除SSL设置,就像在其他任何地方安装Apache Web Server一样。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.