Don’t you control the reverse DNS for 65.126.126.5? You could just modify it to be the right manage.bluespring.me hostname rather than the 65-126-126-5.dia.static.bluespring.me.

It shouldn’t matter though for PCI compliance. I’ve never had any PCI compliance folks complain about reverse DNS not matching the certificate. Otherwise on a shared hosting server with someone’s cert for: www.joesfishandships.com, the reverse DNS of that shared IP is hosting.myorg.com.

> On Apr 11, 2018, at 9:21 AM, Jeremy <[email protected]> wrote:
>
> Just got a response back from a different tech: "For the SSL Certificate with
> Wrong Hostname, I have been informed that you can submit an Exception Request
> under that finding:
>
> Check the “Invalid Finding” radio button."
>
> That is what I thought.
>
> On Wed, Apr 11, 2018 at 9:14 AM, Jeremy <[email protected]> wrote:
> We keep failing our PCI compliance over what I believe is an error on their
> side. Our wildcard cert covers *.bluespring.me, which is used on multiple
> servers. They are wanting an exact match to our domain on the CN, which is
> "65-126-126-5.dia.static.bluespring.me". To me, *.bluesping.me IS a match.
> If I change the CN to that specific billing server then it will not match
> the website server. It was my understanding that this is the entire point
> of having a wildcard cert. Anyone else ever gone through this? Does their
> analysis that *.bluespring.me is NOT a match seem right to everyone here?
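
Added example, not part of the original messages: a simplified Python version of the RFC 6125 wildcard rule that browsers and most TLS libraries apply, where `*` stands in for exactly one left-most label. It is run against the hostnames named in the thread; the function names and the single-entry certificate name list are assumptions made for illustration.

```python
# Added example: RFC 6125-style wildcard matching (simplified, ASCII names only).

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name `pattern` covers `hostname`.

    Simplification (assumption): only a whole left-most label "*" is treated
    as a wildcard; partial wildcards such as "w*.example.com" are rejected.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard ("*.me" is refused).
        if len(p_labels) < 3:
            return False
        p_labels, h_labels = p_labels[1:], h_labels[1:]
    # Any remaining "*" is not in the left-most position: no match.
    if any("*" in label for label in p_labels):
        return False
    return p_labels == h_labels


def check_names(cert_names, candidates):
    """Map each candidate hostname to the certificate names that cover it."""
    return {h: [n for n in cert_names if wildcard_matches(n, h)] for h in candidates}


# Hostnames taken from the thread; the certificate is assumed to carry only
# the wildcard name the thread mentions.
CERT_NAMES = ["*.bluespring.me"]
CANDIDATES = [
    "manage.bluespring.me",                   # name suggested for the PTR record
    "65-126-126-5.dia.static.bluespring.me",  # current reverse DNS name of the IP
    "bluespring.me",                          # bare domain, no label for "*" to cover
]

if __name__ == "__main__":
    for host, covered_by in check_names(CERT_NAMES, CANDIDATES).items():
        print(f"{host:42} {'match' if covered_by else 'NO MATCH'} {covered_by}")
```

Under this rule the wildcard covers `manage.bluespring.me` but not the four-label reverse DNS name, which is the comparison a scanner makes when it reaches the host by IP and checks the certificate against the PTR name.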
