Re: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-14 Thread Jeremy
The company that does the PCI compliance scan has errors on their website showing that it is not secure, and has either an invalid configuration or no certificate. Then, they post any holes they found in your systems on said insecure website. Hah.

On Sat, Apr 14, 2018 at 8:31 AM, Josh Baird

Re: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-14 Thread Josh Baird
A certificate with a CN of *.domain.com does not cover *.blah.domain.com.

On Wed, Apr 11, 2018 at 11:14 AM, Jeremy wrote:
> We keep failing our PCI compliance over what I believe is an error on
> their side. Our wildcard cert covers *.bluespring.me, which is used on
>

Re: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-14 Thread Matt Hoppes
ce from using them ….
>
> Paul
>
>
> From: Af <af-boun...@afmug.com> on behalf of Jeremy <jeremysmi...@gmail.com>
> Reply-To: <af@afmug.com>
> Date: Wednesday, April 11, 2018 at 11:14 AM
> To: <af@afmug.com>
> Subject: [AFMUG] PCI Compliance scan

Re: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-14 Thread Paul Stewart
To: <af@afmug.com>
Subject: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

We keep failing our PCI compliance over what I believe is an error on their side. Our wildcard cert covers *.bluespring.me, which is used on multiple servers. They are wanting an exact match to our domain

Re: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-11 Thread Cassidy B. Larson
Don’t you control the reverse DNS for 65.126.126.5? You could just modify it to be the right manage.bluespring.me hostname rather than the 65-126-126-5.dia.static.bluespring.me . It shouldn’t matter though for PCI

Re: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-11 Thread Jeremy
Just got a response back from a different tech: "For the SSL Certificate with Wrong Hostname, I have been informed that you can submit an Exception Request under that finding: Check the “Invalid Finding” radio button." That is what I thought.

On Wed, Apr 11, 2018 at 9:14 AM, Jeremy

[AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-11 Thread Jeremy
We keep failing our PCI compliance over what I believe is an error on their side. Our wildcard cert covers *.bluespring.me, which is used on multiple servers. They are wanting an exact match to our domain on the CN, which is "65-126-126-5.dia.static.bluespring.me". To me, *.bluespring.me IS a