Just got a response back from a different tech: "For the SSL Certificate with Wrong Hostname, I have been informed that you can submit an Exception Request under that finding:
Check the “Invalid Finding” radio button." That is what I thought. On Wed, Apr 11, 2018 at 9:14 AM, Jeremy <jeremysmi...@gmail.com> wrote: > We keep failing our PCI compliance over what I believe is an error on > their side. Our wildcard cert covers *.bluespring.me, which is used on > multiple servers. They are wanting an exact match to our domain on the CN, > which is "65-126-126-5.dia.static.bluespring.me". To me, *.bluesping.me > IS a match. If I change the CN to that specific billing server then it > will not match the website server. It was my understanding that this is > the entire point of having a wildcard cert. Anyone else ever gone through > this? Does their analysis that *.bluespring.me is NOT a match seem right > to everyone here? > >