PCI and private SSL
I'm a reseller. One of my hosting members had a PCI scan that failed. Almost all of the failures have to do with SSL, like:
The SSL certificate for this service cannot be trusted.
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
My host is saying it is because cPanel uses a self-signed cert and that I need a private cert for the server. I don't have a problem doing that, but I'm concerned about what effects it might have on the clients, if any.
Many of my hosting members have PCI scans done and this is the first one to ever mention this problem, so I'm hesitant to make a change that might cause problems.
Is it safe to install a certificate for the server, meaning it won't cause any problems for any of the accounts on the server?
And any idea why the self-signed cert is failing the scan? I thought they were secure, just not recognized by browsers.
Hello, it should be perfectly safe to install a certificate on the server. You would do so via WHM => Server Configuration => Manage Service SSL Certificates. This should not negatively affect your users; in fact it will end up being more secure if they use the server's hostname for FTP, email, and connecting to cPanel (on port 2083). You should also note that PCI scans can have numerous false positives and they should be checked manually. In many cases the scanning company will flag your server as passed if you force them to manually check your server.
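The following is an added example, not code from the thread or from cPanel. It reproduces offline what the scanner is checking: a self-signed certificate still encrypts the connection, but a scanner (like a browser) only accepts a chain that ends in a root it already trusts, so a self-signed chain fails while a chain issued by a trusted CA passes. The hostname, the private "Example Root CA" (standing in for a public CA that the scanner trusts) and the working directory are all made up for the example; it needs only the openssl command-line tool. The last function shows how to look at what a live service actually presents, which is the check to run on the server's hostname and each scanned port after installing the new certificate in WHM.

```shell
#!/bin/sh
# Added example (not from the original thread). Requires the openssl CLI.
# Shows why a PCI scanner fails a self-signed service certificate and passes
# one whose chain ends in a root the scanner trusts. All names are assumed.

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
HOST="server.example.com"   # assumed hostname; use your server's real hostname

# Create a self-signed certificate, the kind cPanel installs for its services
# by default: the certificate is its own issuer.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$HOST" \
    -keyout "$WORK/self.key" -out "$WORK/self.pem" >/dev/null 2>&1
}

# Create a private root CA and a certificate for the same hostname signed by it.
# The private CA plays the role of the public CA whose root the scanner ships
# with; the only difference from a purchased cert is who holds the root.
make_ca_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 2 -out "$WORK/leaf.pem" >/dev/null 2>&1
}

# Returns 0 when the certificate's subject equals its issuer, i.e. it is
# self-signed. Prefix stripping covers both old and new openssl output formats.
is_self_signed() {
  subj="$(openssl x509 -noout -subject -in "$1" | sed 's/^subject *= *//')"
  iss="$(openssl x509 -noout -issuer -in "$1" | sed 's/^issuer *= *//')"
  [ "$subj" = "$iss" ]
}

# Validate a certificate the way a scanner does: the chain must end in a root
# present in the given trust store. Prints "trusted" (exit 0) or "untrusted"
# (exit 1). A self-signed cert is untrusted unless the store holds that very
# cert, which no scanner's store does.
check_chain() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo trusted; return 0
  fi
  echo untrusted; return 1
}

# Look at what a live service presents. Not run here (needs network); use it
# against the server hostname on the ports the scan reported, e.g. 2083
# (cPanel), 993 (IMAPS), 995 (POP3S), 465 (SMTPS). For plain FTP on port 21
# add "-starttls ftp" before "-connect".
probe_service() {
  openssl s_client -connect "$1:$2" -servername "$1" -showcerts </dev/null 2>/dev/null \
    | openssl x509 -noout -subject -issuer
}

make_self_signed
make_ca_signed
printf 'self-signed service cert: %s\n' "$(check_chain "$WORK/self.pem" "$WORK/ca.pem")"
printf 'CA-signed service cert:   %s\n' "$(check_chain "$WORK/leaf.pem" "$WORK/ca.pem")"
```

If probe_service on the real server still reports an issuer equal to the subject after the change, the new certificate was installed for a different service than the one the scanner hit, or the scan used an IP address or a hostname that does not match the certificate; both are worth checking before disputing the finding with the scanning company.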
Thank you for the prompt reply. I will do as you suggest.