1

PCI SSL Self-Signed Certificate Problem

view story
linux-howto

http://forums.cpanel.net – I've got a valid SSL on my site and if I go to https://mydomain.com it loads just fine without any problems. In my PCI scan, however, I get the following warnings: Quote: Name SSL Self-Signed Certificate Category HTTPS - Web Server Severity Low High In PCI Impact Man in the Middle Attack CVSS v2 Fingerprint AV:N/AC:L/Au:N/C:P/I:P/A:N CVSS Score 6.4 Detail Description The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could (HowTos)