homepage Welcome to WebmasterWorld Guest from 54.196.198.213
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Home / Forums Index / WebmasterWorld / Professional Webmaster Business Issues
Forum Library, Charter, Moderators: LifeinAsia & httpwebwitch

Professional Webmaster Business Issues Forum

    
Last week PCI changed a self generated FTP certificate
My last server scan failed PCI
bwnbwn




msg:4488530
 1:27 am on Aug 27, 2012 (gmt 0)

I am not sure so the best thing I can do is ask the question.

Last week i was informed a self generated FTP certificate will not be accepted to encript ftp data. I am using FileZilla and generated my own and was fine till I was informed this was no longer accepted.

I was told the certificate has to be a purchased certificate in the name of the company the scan is for. I have one on the server so throgh FileZilla I can connect to the certificate but when I do I get a warning do I want to replace this certificate. I am thinking if I select yes this will break the one the cart is using.

I am not sure can anyone tell me if I am right this will break it or can I go ahead and select yes and have this behind me?

 

Brett_Tabke




msg:4488621
 12:11 pm on Aug 27, 2012 (gmt 0)

hmmm. I am using a self generated certificate as well. (one that actually was produced by a linux panel). Filezilla has not complained about it. Can you regenerate a certificate on a new domain and test it?

bwnbwn




msg:4488632
 12:41 pm on Aug 27, 2012 (gmt 0)

Brett, PCI or the body that makes rules or requirments for a PCI compliant server last week made it a fail on the server if you don't have a certificate from a registered supplier, in the name of the company or SSL name the scan for. So if I have 10 clients using a ssl connection for CC processing I have to have 10 different certificates for each ftp connection. I am fine with the FTP connecting just server failed the scan.

Just asked my IT guy here and he said I would be OK with hitting yes if I don't change the name. I guess I will see just to be safe I will make a copy.

Thanks.

bwnbwn




msg:4488755
 5:35 pm on Aug 27, 2012 (gmt 0)

My IT guy was wrong. I thought about this for a little before I did the above and called just to be safe. If I would have gone through the process of connecting to the certificate and hit yes replace it this would have assigned the ftp port to the certificate and the carts certificate would be broke. I was advised to buy one just for the ftp connection and that would be fine for all clients to connect through.
This PCI is getting to be a really big pain.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Professional Webmaster Business Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved