Last week PCI changed a self generated FTP certificate

Forum Moderators: LifeinAsia

Message Too Old, No Replies

Last week PCI changed a self generated FTP certificate

My last server scan failed PCI

bwnbwn

1:27 am on Aug 27, 2012 (gmt 0)

I am not sure so the best thing I can do is ask the question.

Last week i was informed a self generated FTP certificate will not be accepted to encript ftp data. I am using FileZilla and generated my own and was fine till I was informed this was no longer accepted.

I was told the certificate has to be a purchased certificate in the name of the company the scan is for. I have one on the server so throgh FileZilla I can connect to the certificate but when I do I get a warning do I want to replace this certificate. I am thinking if I select yes this will break the one the cart is using.

I am not sure can anyone tell me if I am right this will break it or can I go ahead and select yes and have this behind me?

Brett_Tabke

12:11 pm on Aug 27, 2012 (gmt 0)

hmmm. I am using a self generated certificate as well. (one that actually was produced by a linux panel). Filezilla has not complained about it. Can you regenerate a certificate on a new domain and test it?

bwnbwn

12:41 pm on Aug 27, 2012 (gmt 0)

Brett, PCI or the body that makes rules or requirments for a PCI compliant server last week made it a fail on the server if you don't have a certificate from a registered supplier, in the name of the company or SSL name the scan for. So if I have 10 clients using a ssl connection for CC processing I have to have 10 different certificates for each ftp connection. I am fine with the FTP connecting just server failed the scan.

Just asked my IT guy here and he said I would be OK with hitting yes if I don't change the name. I guess I will see just to be safe I will make a copy.

Thanks.

bwnbwn

5:35 pm on Aug 27, 2012 (gmt 0)

My IT guy was wrong. I thought about this for a little before I did the above and called just to be safe. If I would have gone through the process of connecting to the certificate and hit yes replace it this would have assigned the ftp port to the certificate and the carts certificate would be broke. I was advised to buy one just for the ftp connection and that would be fine for all clients to connect through.
This PCI is getting to be a really big pain.