PCI fail SSL Certificate with Wrong Hostname

Hi,
my website failed a PCI scan with the error “SSL Certificate with Wrong Hostname” even though the SSL checker picks up the certificate. The impact is: The SSL certificate for this service is for a different host.
I believe that it is looking to the web host for the certificate but it is now controlled by Cloudflare. Should I just purchase an Edge SSL certificate on Cloudflare or is there another solution?

Probably related to part of the DNS name being Cloudflaressl.com, but this is not an issue.

image

PCI does not require the TLS certificate you use be exclusive to your hostname, at least from skimming the DSS document. If it gives you a specific requirement ID (eg 1.3.2 or similar) post that here.

Thank you, I can’t find that. I think I will try purchasing and Edge certificate and see if that cures the issue. Thanks for your help

Is it possible to get an update on this? Did purchasing Edge certificates cure the issue for you?

Hi Alon,
In the end we reverted back to the SSL certificate on the IP address that the scan was looking for and let Cloudflare handle the DNS only and that passed the scan.

Thanks for your help,

Karen

Brookstone Creative

karen cox.

					DIRECTOR

Brookstone Creative Ltd,
[The Atkins Building,

					Lower Bond Street, Hinckley, LE10 1QU](https://maps.google.com/maps?q=The+Atkins+Bldg,+Lower+Bond+St,+Hinckley,+UK&hl=en&sll=40.858432,-73.099554&sspn=0.105294,0.173893&oq=the+atkins+building&hnear=The+Atkins+Bldg,+Lower+Bond+St,+Hinckley+LE10+1QU,+United+Kingdom&t=m&z=16)

T: 01455 561 561
Brookstone Creative Ltd. is a company registered in England & Wales. Registered number: 9516123. Registered office: The Atkins Building, Lower Bond Street, Hinckley, Leicestershire, LE10 1QU. This email is private and confidential. If you have received this message in error, please notify us and remove it from your system. Please do not print this email unless it is necessary. Every unprinted email helps the environment. The views and opinions included in this email belong to their author and do not necessarily mirror the views and opinions of Brookstone Creative Ltd.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.