PCI Compliant

Snowtoy
Snowtoy Posts: 15  Freshman Member

I am getting an failed PCI Compliant due to my certificate # 0 port 443 protocol TCP is valid for more than 39 Months. They are saying it cant be more than 27 Months. It says the remedy Please install a server certificate with recommended maximum validity. How do I go about this. Here is the explanation: under Vulnerabilities without an Exception Case


SSL Certificate - Invalid Maximum Validity Date Detected


Description

Starting 1 March 2018, Certification Authorities (CAs) are not permitted to issue SSL certificates (issued from a public root) with a validity period greater than 27 months.

SSL/TLS certificate maximum validity is 825 days (27 months) for Domain Validated (DV) and Organization Validated (OV) Certificates.

SSL certificates have limited validity periods so that the certificate's holder identity information is re-authenticated more frequently.

It is detected that maximum validity of certificate on the system is more than what is recommended.

Thanks for any Help.

All Replies

  • Zyxel_Vic
    Zyxel_Vic Posts: 175  Zyxel Employee

    Hi @Snowtoy

    Thanks for your feedback about this. We'll evaluate if this shall be modified.

  • Snowtoy
    Snowtoy Posts: 15  Freshman Member

    OK, thanks. I can't find anything about it.

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 403  Zyxel Employee
    edited February 2020

    Hi @Snowtoy

    Thanks for your feedback and we will put this enhancement into idea section for future evaluation.

  • Snowtoy
    Snowtoy Posts: 15  Freshman Member

    I am being charges $36 a month until I get this figured out. Thanks


  • Zyxel_Vic
    Zyxel_Vic Posts: 175  Zyxel Employee
    edited February 2020

    Hi @Snowtoy

    Regarding to the certificate expiration adjustment, it's actually in our plan now.

    However, to comply all the items in this report you provide, a 3rd party authorized certificate will be required.

  • Snowtoy
    Snowtoy Posts: 15  Freshman Member

    This is my first experience with a firewall. Where would I get the 3rd party authorization certificate. Thanks

  • itxnc
    itxnc Posts: 64  Ally Member
    Namecheap 1Yr certificates are super cheap and work great on Zyxel routers. < $10/year. 

    But you can also just take HTTPS out of the WAN to Zywall service group if you don't use remote admin or SSL VPN.
  • Snowtoy
    Snowtoy Posts: 15  Freshman Member
    Thanks Ill check that out.
Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!

Community News