PCI Compliant

Snowtoy
Snowtoy Posts: 15  Freshman Member
edited April 2021 in Security

I am getting a failed PCI Compliant because my certificate # 0 (port 443, protocol TCP) is valid for more than 39 months. They are saying it can't be more than 27 months. It says the remedy is: Please install a server certificate with recommended maximum validity. How do I go about this? Here is the explanation, under Vulnerabilities without an Exception Case:


SSL Certificate - Invalid Maximum Validity Date Detected


Description

Starting 1 March 2018, Certification Authorities (CAs) are not permitted to issue SSL certificates (issued from a public root) with a validity period greater than 27 months.

SSL/TLS certificate maximum validity is 825 days (27 months) for Domain Validated (DV) and Organization Validated (OV) Certificates.

SSL certificates have limited validity periods so that the certificate's holder identity information is re-authenticated more frequently.

It is detected that maximum validity of certificate on the system is more than what is recommended.

Thanks for any Help.
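
A check for the finding quoted above, added here as an example and not part of the original thread or of Zyxel's or the scanner's tooling: it reads the two lines printed by `openssl x509 -noout -dates` for the certificate served on port 443 and compares the validity period with the 825-day limit. The sample dates are constructed, and counting a partial day as a whole day is an assumption.

```python
import re
import ssl
from datetime import datetime, timezone

MAX_VALIDITY_DAYS = 825  # limit quoted in the scan finding
RULE_START = datetime(2018, 3, 1, tzinfo=timezone.utc)  # "Starting 1 March 2018"

# Constructed sample inputs in the format printed by `openssl x509 -noout -dates`.
SAMPLE_LONG = "notBefore=Jan  1 00:00:00 2019 GMT\nnotAfter=Apr  1 00:00:00 2022 GMT\n"
SAMPLE_ONE_YEAR = "notBefore=Feb 10 00:00:00 2020 GMT\nnotAfter=Feb  9 23:59:59 2021 GMT\n"


def parse_dates(openssl_output):
    """Return (not_before, not_after) as aware UTC datetimes."""
    fields = dict(re.findall(r"^(notBefore|notAfter)=(.+)$", openssl_output, re.M))
    if set(fields) != {"notBefore", "notAfter"}:
        raise ValueError("expected one notBefore= line and one notAfter= line")
    # ssl.cert_time_to_seconds() parses OpenSSL's "Mon DD HH:MM:SS YYYY GMT" form.
    return tuple(
        datetime.fromtimestamp(ssl.cert_time_to_seconds(fields[k].strip()), timezone.utc)
        for k in ("notBefore", "notAfter")
    )


def check_validity(openssl_output, max_days=MAX_VALIDITY_DAYS):
    """Measure the validity period and compare it with the scanner's limit."""
    not_before, not_after = parse_dates(openssl_output)
    if not_after <= not_before:
        raise ValueError("notAfter is not later than notBefore")
    span = not_after - not_before
    # Assumption: a partial day counts as a whole day (the stricter reading).
    days = span.days + (1 if span.seconds or span.microseconds else 0)
    return {
        "days": days,
        "compliant": days <= max_days,
        "issued_after_rule_start": not_before >= RULE_START,
    }


if __name__ == "__main__":
    for name, sample in (("long-lived", SAMPLE_LONG), ("one-year", SAMPLE_ONE_YEAR)):
        result = check_validity(sample)
        verdict = "OK" if result["compliant"] else "FAIL"
        print(f"{name}: {result['days']} days, limit {MAX_VALIDITY_DAYS}: {verdict}")
```

Running the same check against the replacement certificate before the next scan shows whether this finding will clear.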

All Replies

  • Zyxel_Vic
    Zyxel_Vic Posts: 282  Zyxel Employee

    Hi @Snowtoy

    Thanks for your feedback about this. We'll evaluate if this shall be modified.

  • Snowtoy
    Snowtoy Posts: 15  Freshman Member

    OK, thanks. I can't find anything about it.

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,318  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments
    edited February 2020

    Hi @Snowtoy

    Thanks for your feedback. We will put this enhancement into the idea section for future evaluation.

  • Snowtoy
    Snowtoy Posts: 15  Freshman Member

    I am being charged $36 a month until I get this figured out. Thanks


  • Zyxel_Vic
    Zyxel_Vic Posts: 282  Zyxel Employee
    edited February 2020

    Hi @Snowtoy

    Regarding the certificate expiration adjustment, it's actually in our plan now.

    However, to comply with all the items in the report you provided, a 3rd party authorized certificate will be required.

  • Snowtoy
    Snowtoy Posts: 15  Freshman Member

    This is my first experience with a firewall. Where would I get the 3rd party authorization certificate? Thanks

  • itxnc
    itxnc Posts: 98  Ally Member
    Namecheap 1Yr certificates are super cheap and work great on Zyxel routers. < $10/year. 

    But you can also just take HTTPS out of the WAN to Zywall service group if you don't use remote admin or SSL VPN.
  • Snowtoy
    Snowtoy Posts: 15  Freshman Member
    Thanks, I'll check that out.