Currently we still use some wildcards and have never had issues with PCI (level 1) compliance from using them ….
Paul

From: Af <af-boun...@afmug.com> on behalf of Jeremy <jeremysmi...@gmail.com>
Reply-To: <af@afmug.com>
Date: Wednesday, April 11, 2018 at 11:14 AM
To: <af@afmug.com>
Subject: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

We keep failing our PCI compliance over what I believe is an error on their side. Our wildcard cert covers *.bluespring.me, which is used on multiple servers. They are wanting an exact match to our domain on the CN, which is "65-126-126-5.dia.static.bluespring.me". To me, *.bluespring.me IS a match. If I change the CN to that specific billing server then it will not match the website server. It was my understanding that this is the entire point of having a wildcard cert.

Anyone else ever gone through this? Does their analysis that *.bluespring.me is NOT a match seem right to everyone here?
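
For reference, an added example (not part of the thread, and not the scanner's own logic, which the thread does not show) of how RFC 6125 section 6.4.3 hostname matching treats the two names quoted in the message above: a leftmost `*` stands for exactly one DNS label. The hostnames marked "constructed" and the function names are assumptions made for illustration.

```python
# Added example: RFC 6125 section 6.4.3 style matching of a certificate
# name against a hostname. Only a complete leftmost "*" label is treated
# as a wildcard here, and it stands for exactly one DNS label.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "" in p_labels or "" in h_labels:
        return False  # empty label: malformed name
    if len(p_labels) != len(h_labels):
        return False  # "*" never spans more than one label
    if p_labels[0] == "*":
        # Require two fixed labels after the wildcard, so "*.me" is rejected.
        if len(p_labels) < 3 or any("*" in label for label in p_labels[1:]):
            return False
        return p_labels[1:] == h_labels[1:]
    if any("*" in label for label in p_labels):
        return False  # partial or non-leftmost wildcards are not accepted here
    return p_labels == h_labels


def cert_covers(names: list[str], hostname: str) -> bool:
    """True if any name on the certificate (CN or SAN dNSName) covers hostname."""
    return any(name_matches(n, hostname) for n in names)


def missing_names(names: list[str], hostnames: list[str]) -> list[str]:
    """Hostnames in the inventory that the certificate does not cover."""
    return [h for h in hostnames if not cert_covers(names, h)]


if __name__ == "__main__":
    cert_names = ["*.bluespring.me"]                  # from the message
    inventory = [
        "65-126-126-5.dia.static.bluespring.me",      # from the message
        "billing.bluespring.me",                      # constructed
        "bluespring.me",                              # constructed
    ]
    for host in inventory:
        print(f"{host:45} covered={cert_covers(cert_names, host)}")
    print("not covered:", missing_names(cert_names, inventory))
```

Under these rules the four-level name is covered only by a certificate that lists it exactly or carries a wildcard at the same depth, such as `*.dia.static.bluespring.me`, as an additional SAN entry.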