Currently we still use some wildcards and have never had issues with PCI (level 1) compliance from using them ….
Paul

From: Af <[email protected]> on behalf of Jeremy <[email protected]>
Reply-To: <[email protected]>
Date: Wednesday, April 11, 2018 at 11:14 AM
To: <[email protected]>
Subject: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

We keep failing our PCI compliance over what I believe is an error on their side. Our wildcard cert covers *.bluespring.me, which is used on multiple servers. They are wanting an exact match to our domain on the CN, which is "65-126-126-5.dia.static.bluespring.me". To me, *.bluespring.me IS a match. If I change the CN to that specific billing server then it will not match the website server. It was my understanding that this is the entire point of having a wildcard cert.

Anyone else ever gone through this? Does their analysis that *.bluespring.me is NOT a match seem right to everyone here?
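Added example, not part of the original thread: a sketch of the certificate name matching rule in RFC 6125 section 6.4.3, where a wildcard stands in for exactly one left-most label, applied to the two names from the message above. The function names and the hosts `billing.bluespring.me` and `www.bluespring.me` are constructed for illustration.

```python
# Added example: RFC 6125 (section 6.4.3) style wildcard matching.
# Assumption: only a whole-label wildcard ("*") in the left-most
# position is accepted; partial wildcards such as "w*" are rejected.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def wildcard_matches(presented, hostname):
    """Return True if the certificate name `presented` covers `hostname`."""
    p, h = _labels(presented), _labels(hostname)
    if len(p) != len(h):
        # "*" replaces one label, so both names need the same label count.
        return False
    if "" in h:
        return False  # malformed hostname (empty label)
    if any("*" in label for label in p[1:]):
        return False  # wildcard outside the left-most label
    if p[0] == "*":
        return p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcard, not supported in this sketch
    return p == h

def covering_wildcard(hostname):
    """Return the single-label wildcard name that would cover `hostname`."""
    labels = _labels(hostname)
    return "*." + ".".join(labels[1:])

if __name__ == "__main__":
    cert_name = "*.bluespring.me"  # name on the wildcard cert (from the message)
    hosts = [
        "65-126-126-5.dia.static.bluespring.me",  # name the scan compares against
        "billing.bluespring.me",                  # constructed sample host
        "www.bluespring.me",                      # constructed sample host
        "bluespring.me",                          # bare domain
    ]
    for host in hosts:
        ok = wildcard_matches(cert_name, host)
        print(f"{cert_name!r} vs {host!r}: {'match' if ok else 'NO match'}")
        if not ok and len(_labels(host)) > 2:
            print("  a covering name would be", covering_wildcard(host))
```

Running it against the name a scan reports shows how many labels sit to the left of the domain on the certificate, which is the first thing to check when a scanner flags a CN mismatch.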
