PCI Scan Fail - Server FQDN

Cody M. shared this question 20 days ago
Answered

Hello,

I did a scan on my website and it says there was one vulnerability found. The description says, "SSL Certificate - Subject Common Name Does Not Match Server FQDN." What comment should I make or what change should I make to fix this issue? Thank you!

Comments (1)

photo
1

Hello,

Please take a look at this article under Global Payments (OpenEdge) for more information on how to resolve issues for the PCI Compliance Scan.

Let us know if you have any questions.

Thank you

photo
1

Hi Brittany,

I reviewed that page and it doesn't have any info about the server name not matching the server FQDN. Is there any info about that issue in the scan?

photo
1

Here is what I did to remediate the issue:

I adjusted it so that when you visit https://serverip address it does not serve the SSL of the first site on the server but instead uses a default SSL certificate that isn't using SNI, which is what the vulnerability was complaining about.


If they still won't approve it, you can just start a new scan instead of arguing with them.
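The comparison behind this finding, as an added example that is not part of the original thread: it checks the certificate a server returns with and without SNI against the FQDN being scanned. The hostnames, certificate contents and the function names are constructed for illustration, and it assumes the default certificate installed by the fix names the server's own FQDN.

```python
# Certificates use the dict layout returned by ssl.SSLSocket.getpeercert().
# All hostnames and certificate contents below are constructed sample data.
FIRST_SITE_CERT = {
    "subject": ((("commonName", "shop-a.example"),),),
    "subjectAltName": (("DNS", "shop-a.example"), ("DNS", "www.shop-a.example")),
}
SERVER_CERT = {"subject": ((("commonName", "host1.hosting.example"),),)}  # CN only, no SAN


def cert_names(cert):
    """DNS names the certificate is valid for: SAN entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Compare label by label; '*' is accepted only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert, host):
    return any(name_matches(n, host) for n in cert_names(cert))


def diagnose(fqdn, cert_without_sni, cert_with_sni):
    """Classify the finding from the certificates seen with and without SNI."""
    if not cert_covers(cert_with_sni, fqdn):
        return "certificate-mismatch"       # the site's own certificate is wrong
    if not cert_covers(cert_without_sni, fqdn):
        return "default-vhost-mismatch"     # only the non-SNI (by-IP) answer is wrong
    return "ok"


if __name__ == "__main__":
    fqdn = "host1.hosting.example"
    print("before:", diagnose(fqdn, FIRST_SITE_CERT, SERVER_CERT))
    print("after: ", diagnose(fqdn, SERVER_CERT, SERVER_CERT))
```

To run it against a live host, collect the two certificates with `ssl.SSLContext.wrap_socket`, once with `server_hostname` set to the FQDN and once without it.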

photo
1

Thanks Joel, I'll probably just start a new scan.
