Certificate has a problem during PCI compliance testing on router


#1

Certificate has a problem during PCI compliance testing on router


#2

Hi @aididmazlan,

This isn’t very helpful without more information, like the domain, the specific error message, or what kind of PCI compliance test you’re doing.

If the PCI compliance scanner is complaining about the SHA-1 signature on the DST (IdenTrust) root certificate, the scanner vendor is misinterpreting the rules. We have three prior threads about this issue here on this forum; you can find the details in each of them.

https://community.letsencrypt.org/search?q=pci%20sha1

I hope that helps!


#3

It's complaining about TLS.


#4

You’ll have to give us more information in order for us to help you. (For example, what domain name, what PCI compliance tester, and what error message?)


#5

The error is "undefined CVE, X.509 certificate subject CN


#6

There’s no reason for such an error to occur for a properly configured site using a Let’s Encrypt certificate.


#7

“Notice that your merchant still using TLS v1.0 on port 8443” What about this? Can you help?


#8

That’s going to be your accepted TLS. You’ll have to see if whatever service is running on port 8443 can be upgraded to disable TLS 1.0 and use 1.1 or 1.2.

Configs vary wildly depending on what it is. If it’s the pfSense webserver, then try their forums for how to disable TLS 1.0.


#9

Right now I’m using the Asus webserver. Can you advise how to configure it?

