The company that does the PCI compliance scan has errors on their website showing that it is not secure, and has either an invalid configuration or no certificate. Then, they post any holes they found in your systems on said insecure website. Hah.
On Sat, Apr 14, 2018 at 8:31 AM, Josh Baird <joshba...@gmail.com> wrote:

> A certificate with a CN of *.domain.com does not cover *.blah.domain.com.
>
> On Wed, Apr 11, 2018 at 11:14 AM, Jeremy <jeremysmi...@gmail.com> wrote:
>
>> We keep failing our PCI compliance over what I believe is an error on
>> their side. Our wildcard cert covers *.bluespring.me, which is used on
>> multiple servers. They are wanting an exact match to our domain on the CN,
>> which is "65-126-126-5.dia.static.bluespring.me". To me, *.bluespring.me
>> IS a match. If I change the CN to that specific billing server then it
>> will not match the website server. It was my understanding that this is
>> the entire point of having a wildcard cert. Anyone else ever gone through
>> this? Does their analysis that *.bluespring.me is NOT a match seem
>> right to everyone here?
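
The matching rule described in the quoted reply, as an added example that is not part of the original thread: a wildcard stands in for exactly one left-most label (the rule in RFC 6125 section 6.4.3, simplified here to whole-label wildcards). The function names and the `www.bluespring.me` host are assumptions made for illustration; the other names come from the thread.

```python
# Added example: single-label wildcard matching for certificate names.
# Simplified sketch: only a whole-label "*" in the left-most position is honoured.
# The same rule applies whether the name is in the CN or a SAN dNSName entry.

def wildcard_matches(pattern, hostname):
    """Return True if certificate name `pattern` covers `hostname`."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard replaces exactly one label, so the label counts must be equal.
    if len(p_labels) != len(h_labels):
        return False
    if any(not label for label in h_labels):
        return False  # empty label, e.g. "a..example"
    first, rest = p_labels[0], p_labels[1:]
    if any("*" in label for label in rest):
        return False  # "*" anywhere but the left-most label is never valid
    if first == "*":
        return rest == h_labels[1:]
    if "*" in first:
        return False  # partial wildcards such as "w*" are not handled here
    return p_labels == h_labels


def covering_names(hostname):
    """Names a certificate could carry to cover `hostname`:
    the exact name, or a wildcard one level above it."""
    labels = hostname.lower().rstrip(".").split(".")
    return [".".join(labels), ".".join(["*"] + labels[1:])]


if __name__ == "__main__":
    cert_name = "*.bluespring.me"
    hosts = [
        "www.bluespring.me",                      # constructed sample host
        "65-126-126-5.dia.static.bluespring.me",  # host named in the thread
        "bluespring.me",                          # bare domain
    ]
    for host in hosts:
        verdict = "match" if wildcard_matches(cert_name, host) else "NO match"
        print(f"{cert_name} vs {host}: {verdict}")
    print("would cover the scanned host:",
          covering_names("65-126-126-5.dia.static.bluespring.me"))
```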