PCI Compliant

Snowtoy
Snowtoy Posts: 15  Freshman Member
edited April 2021 in Security

I am getting a failed PCI Compliant because my certificate # 0 port 443 protocol TCP is valid for more than 39 months. They are saying it can't be more than 27 months. It says the remedy is "Please install a server certificate with recommended maximum validity." How do I go about this? Here is the explanation, under "Vulnerabilities without an Exception Case":


SSL Certificate - Invalid Maximum Validity Date Detected


Description

Starting 1 March 2018, Certification Authorities (CAs) are not permitted to issue SSL certificates (issued from a public root) with a validity period greater than 27 months.

SSL/TLS certificate maximum validity is 825 days (27 months) for Domain Validated (DV) and Organization Validated (OV) Certificates.

SSL certificates have limited validity periods so that the certificate's holder identity information is re-authenticated more frequently.

It is detected that maximum validity of certificate on the system is more than what is recommended.

Thanks for any help.

All Replies

  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee

    Hi @Snowtoy

    Thanks for your feedback about this. We'll evaluate if this shall be modified.

  • Snowtoy
    Snowtoy Posts: 15  Freshman Member

    OK, thanks. I can't find anything about it.

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,026  Zyxel Employee
    edited February 2020

    Hi @Snowtoy

    Thanks for your feedback. We will put this enhancement into the idea section for future evaluation.

  • Snowtoy
    Snowtoy Posts: 15  Freshman Member

    I am being charged $36 a month until I get this figured out. Thanks


  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    edited February 2020

    Hi @Snowtoy

    Regarding the certificate expiration adjustment, it's actually in our plan now.

    However, to comply with all the items in this report you provided, a 3rd party authorized certificate will be required.

  • Snowtoy
    Snowtoy Posts: 15  Freshman Member

    This is my first experience with a firewall. Where would I get the 3rd party authorization certificate? Thanks

  • itxnc
    itxnc Posts: 98  Ally Member

    Namecheap 1Yr certificates are super cheap and work great on Zyxel routers. < $10/year.

    But you can also just take HTTPS out of the WAN to Zywall service group if you don't use remote admin or SSL VPN.
  • Snowtoy
    Snowtoy Posts: 15  Freshman Member

    Thanks, I'll check that out.
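
Added example (not part of the thread, and not Zyxel's or the scanner's code): a Python check that applies the 825-day limit quoted in the scan report to a certificate, and also flags a certificate whose issuer equals its subject, on the assumption that this is what makes a third-party certificate necessary. The two certificates are constructed samples in the shape returned by `ssl.SSLSocket.getpeercert()`; the host and CA names are hypothetical.

```python
import ssl

MAX_VALIDITY_DAYS = 825  # limit quoted in the scan report (27 months)

# Constructed samples shaped like ssl.SSLSocket.getpeercert() output.
DEVICE_DEFAULT = {  # long-lived certificate generated on the device itself
    "subject": ((("commonName", "firewall.example"),),),
    "issuer": ((("commonName", "firewall.example"),),),
    "notBefore": "Jan  1 00:00:00 2020 GMT",
    "notAfter": "Dec 29 00:00:00 2029 GMT",
}
CA_ISSUED = {  # one-year certificate from a third-party CA
    "subject": ((("commonName", "firewall.example"),),),
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example CA DV"),)),
    "notBefore": "Mar  1 00:00:00 2021 GMT",
    "notAfter": "Mar  1 23:59:59 2022 GMT",
}


def _name(rdns):
    """Flatten the nested RDN tuples into a dict so names can be compared."""
    return {key: value for rdn in rdns for (key, value) in rdn}


def validity_days(cert):
    """Length of the notBefore..notAfter window, in days."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return (end - start) / 86400


def audit_cert(cert):
    """Return a list of findings; an empty list means both checks passed."""
    if not cert:
        # getpeercert() returns {} when the certificate was not validated,
        # which is the usual case for a self-signed device certificate.
        raise ValueError("empty certificate dict: nothing to audit")
    findings = []
    days = validity_days(cert)
    if days > MAX_VALIDITY_DAYS:
        findings.append(f"validity {days:.0f} days exceeds {MAX_VALIDITY_DAYS}")
    if _name(cert["subject"]) == _name(cert["issuer"]):
        findings.append("self-signed: issuer equals subject")
    return findings


if __name__ == "__main__":
    for label, cert in (("device default", DEVICE_DEFAULT), ("CA issued", CA_ISSUED)):
        print(label, audit_cert(cert) or "OK")
```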
