Currently we still use some wildcards and have never had issues with PCI (level
1) compliance from using them ….
From: Af <af-boun...@afmug.com> on behalf of Jeremy <jeremysmi...@gmail.com>
Date: Wednesday, April 11, 2018 at 11:14 AM
Subject: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)
We keep failing our PCI compliance over what I believe is an error on their
side. Our wildcard cert covers *.bluespring.me, which is used on multiple
servers. They are wanting an exact match to our domain on the CN, which is
"65-126-126-5.dia.static.bluespring.me". To me, *.bluesping.me IS a match. If
I change the CN to that specific billing server then it will not match the
website server. It was my understanding that this is the entire point of
having a wildcard cert. Anyone else ever gone through this? Does their
analysis that *.bluespring.me is NOT a match seem right to everyone here?