Re: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-14 Thread Jeremy
The company that does the PCI compliance scan has errors on their website showing that it is not secure, and has either an invalid configuration or no certificate. Then, they post any holes they found in your systems on said insecure website. Hah.
On Sat, Apr 14, 2018 at 8:31 AM, Josh Baird wro

Re: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-14 Thread Josh Baird
A certificate with a CN of *.domain.com does not cover *.blah.domain.com.
On Wed, Apr 11, 2018 at 11:14 AM, Jeremy wrote:
> We keep failing our PCI compliance over what I believe is an error on
> their side. Our wildcard cert covers *.bluespring.me, which is used on
> multiple servers. They ar

Re: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-14 Thread Matt Hoppes
aul
>
>
> From: Af on behalf of Jeremy
> Reply-To:
> Date: Wednesday, April 11, 2018 at 11:14 AM
> To:
> Subject: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)
>
> We keep failing our PCI compliance over what I believe is an error on their
> side.

Re: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-14 Thread Paul Stewart
Currently we still use some wildcards and have never had issues with PCI (level 1) compliance from using them ….
Paul
From: Af on behalf of Jeremy
Reply-To:
Date: Wednesday, April 11, 2018 at 11:14 AM
To:
Subject: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)
We keep

Re: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-11 Thread Cassidy B. Larson
Don’t you control the reverse DNS for 65.126.126.5? You could just modify it to be the right manage.bluespring.me hostname rather than the 65-126-126-5.dia.static.bluespring.me. It shouldn’t matter though for PCI co

Re: [AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-11 Thread Jeremy
Just got a response back from a different tech: "For the SSL Certificate with Wrong Hostname, I have been informed that you can submit an Exception Request under that finding: Check the “Invalid Finding” radio button." That is what I thought.
On Wed, Apr 11, 2018 at 9:14 AM, Jeremy wrote:
>

[AFMUG] PCI Compliance scan rejecting wildcard cert (CN)

2018-04-11 Thread Jeremy
We keep failing our PCI compliance over what I believe is an error on their side. Our wildcard cert covers *.bluespring.me, which is used on multiple servers. They are wanting an exact match to our domain on the CN, which is "65-126-126-5.dia.static.bluespring.me". To me, *.bluespring.me IS a mat