PCI and private ssl

Discussion in 'General Discussion' started by panit, Dec 3, 2014.

  1. panit

    panit Member

    I'm a reseller. One of my hosting members had a PCI scan that failed. Almost all of the failures have to do with SSL, like:

    The SSL certificate for this service cannot be trusted.

    The SSL certificate chain for this service ends in an unrecognized
    self-signed certificate.

    My host is saying it is because cPanel uses a self-signed cert and that I need a private cert for the server. I don't have a problem doing that but I'm concerned about what effects it might have on the clients, if any.

    Many of my hosting members have PCI scans done and this is the first one to ever mention this problem so I'm hesitant to make a change that might cause problems.

    Is it safe to install a certificate for the server, meaning it won't cause any problems for any of the accounts on the server?

    And any idea why the self-signed cert is failing the scan? I thought they were secure, just not recognized by browsers.
     
  2. cPanelPeter

    cPanelPeter Technical Analyst III
    Staff Member

    Hello,

    It should be perfectly safe to install a certificate on the server. You would do so via WHM => Server Configuration => Manage Service SSL Certificates.
    This should not negatively affect your users; in fact, it will end up being more secure if they use the server's hostname for FTP, Email, and connecting to cPanel (on port 2083).

    You should also note that PCI scans can have numerous false positives and they should be checked manually. In many cases the scanning company will flag your server as passed if you force them to manually check your server.
     
  3. panit

    panit Member

    Thank you for the prompt reply. I will do as you suggest.
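
The scanner findings quoted in the first post correspond to OpenSSL verification codes. The shell functions below are an added example (not from the thread and not cPanel's own code) that read that code for a certificate file or for a live service port such as 2083 and explain it; the host name `server.example.test`, the function names and the throwaway certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Host name below is a placeholder.

# Print OpenSSL's verification code for a PEM file (0 = trusted).
# $1 = certificate, $2 = optional extra CA bundle to trust.
verify_code_file() {
    if [ -n "${2:-}" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    else
        out=$(openssl verify "$1" 2>&1) || true
    fi
    code=$(printf '%s\n' "$out" |
        sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then echo "$code"
    elif printf '%s\n' "$out" | grep -q ': OK$'; then echo 0
    else echo unknown
    fi
}

# Same code for a live service, e.g. verify_code_service server.example.test 2083
# (plain-text protocols that upgrade to TLS need s_client's -starttls option).
verify_code_service() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Map the code to the kind of finding a scanner reports.
explain_code() {
    case $1 in
        0)     echo "trusted: chain ends at a CA in the trust store" ;;
        18)    echo "self-signed: certificate is its own issuer" ;;
        19)    echo "chain ends in a self-signed CA that is not in the trust store" ;;
        20|21) echo "issuer certificate not found: incomplete or unknown chain" ;;
        10)    echo "certificate has expired" ;;
        *)     echo "other verification failure: $1" ;;
    esac
}

# Constructed sample input: a throwaway self-signed certificate in directory $1.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=server.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Offline demo: untrusted by default, trusted only once it is added as an anchor.
tmp=$(mktemp -d)
make_sample_cert "$tmp"
explain_code "$(verify_code_file "$tmp/cert.pem")"
explain_code "$(verify_code_file "$tmp/cert.pem" "$tmp/cert.pem")"
rm -rf "$tmp"
```

Running `verify_code_service` against each service port before and after installing the new certificate shows whether the scanner's finding still applies to that port.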
     