The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PCI Certificate Issue

Discussion in 'Security' started by mtbwacko, Mar 2, 2011.

  1. mtbwacko

    mtbwacko Well-Known Member

    Joined:
    Nov 30, 2004
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    I keep getting the following PCI failures:

    "Certificate #0 self signed certificate"

    I use a wildcard server cert for all of the services (cPanel, WHM, etc.) and as far as I know there are no self-signed certs in use. Could this be an old cert they are finding somewhere? How can I find and remove Certificate #0. I have no idea what this certificate is for.

    Thanks,
    Greg
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello Greg,

    Have you checked each of the services to ensure they are not self-signed by connecting to them? You might try reinstalling the SSL in WHM > Manage Service SSL Certificates area or checking the SSL installed for each service there.

    Also, what domain or hostname is being scanned for the PCI scan? It might be something on that set domain or hostname that isn't installed properly.

    The best idea might be to contact the PCI scan company to see if they can give you more specific details, since it does happen to be their scanning service.

    Thanks.
     
  3. PenguinInternet

    PenguinInternet Well-Known Member
    PartnerNOC

    Joined:
    Jun 20, 2007
    Messages:
    149
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Cardiff, UK
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    I would ask the company performing the scan for further details. We use Mcafee and they provide full details of the url and port that they find any issues on as standard in their reports
     
  4. mtbwacko

    mtbwacko Well-Known Member

    Joined:
    Nov 30, 2004
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for your replies. I just found something else odd - one of the PCI failures regarding Certificate #0:

    "SSL Certificate - Subject Common Name Does Not Match Server FQDN - Certificate #0 (ultra3.happydoghosting.net) and IP (66.135.52.75) don't match"

    Well, duh on their part. They are trying to match the hostname of the server (ultra3.happydoghosting.net) to the secondary IP of the site (biketoolsetc.com). The hostname obviously has a different IP. Very odd.

    Is there a way through SSH top find out what "Certificate #0" is?
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    They are calling it certificate #0 for their scan, but that will not have a meaning for cPanel. The only way to get this answered properly would be to ask the scanning company in this instance. We don't label certificates numerically.
     
  6. mtbwacko

    mtbwacko Well-Known Member

    Joined:
    Nov 30, 2004
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Thanks Tristan. I'll try to get more information from the scanning company Qualys.
     
Loading...

Share This Page