PCI fail SSL Certificate with Wrong Hostname

karen5 · July 26, 2019, 2:43pm

Hi,
my website failed a PCI scan with the error “SSL Certificate with Wrong Hostname” even though the SSL checker picks up the certificate. The impact is: The SSL certificate for this service is for a different host.
I believe that it is looking to the web host for the certificate but it is now controlled by Cloudflare. Should I just purchase an Edge SSL certificate on Cloudflare or is there another solution?

Judge · July 26, 2019, 2:49pm

Probably related to part of the DNS name being Cloudflaressl.com, but this is not an issue.

PCI does not require the TLS certificate you use be exclusive to your hostname, at least from skimming the DSS document. If it gives you a specific requirement ID (eg 1.3.2 or similar) post that here.

karen5 · July 26, 2019, 3:14pm

Thank you, I can’t find that. I think I will try purchasing and Edge certificate and see if that cures the issue. Thanks for your help

alon · August 23, 2019, 12:38pm

Is it possible to get an update on this? Did purchasing Edge certificates cure the issue for you?

karen5 · August 23, 2019, 1:31pm

Hi Alon,
In the end we reverted back to the SSL certificate on the IP address that the scan was looking for and let Cloudflare handle the DNS only and that passed the scan.

Thanks for your help,

Karen

karen cox.

					DIRECTOR

Brookstone Creative Ltd,
[The Atkins Building,

					Lower Bond Street, Hinckley, LE10 1QU](https://maps.google.com/maps?q=The+Atkins+Bldg,+Lower+Bond+St,+Hinckley,+UK&hl=en&sll=40.858432,-73.099554&sspn=0.105294,0.173893&oq=the+atkins+building&hnear=The+Atkins+Bldg,+Lower+Bond+St,+Hinckley+LE10+1QU,+United+Kingdom&t=m&z=16)

T: 01455 561 561
Brookstone Creative Ltd. is a company registered in England & Wales. Registered number: 9516123. Registered office: The Atkins Building, Lower Bond Street, Hinckley, Leicestershire, LE10 1QU. This email is private and confidential. If you have received this message in error, please notify us and remove it from your system. Please do not print this email unless it is necessary. Every unprinted email helps the environment. The views and opinions included in this email belong to their author and do not necessarily mirror the views and opinions of Brookstone Creative Ltd.

system · August 25, 2019, 2:56pm

This topic was automatically closed after 30 days. New replies are no longer allowed.

Topic		Replies	Views
Cloudflare SSL and PCI scan Security ssl , dash-ssl-tls	5	2590	May 16, 2018
SSL certificate is invalid Security dns , dash-ssl-tls , dash-errors , dash-troubleshooting	19	9691	May 18, 2018
Origin server SSL certificate but different hostname Getting Started	4	2720	July 21, 2021
The SSL certificate for this service is for a different host Security dns , dash-ssl-tls , dash-getting-started	5	5231	December 19, 2018
SSL Hostname Mismatch Error After Certificate Renewal Process Security	1	268	April 3, 2024

PCI fail SSL Certificate with Wrong Hostname

Related topics