PCI Compliant

SnowtoySnowtoy Member Posts: 15  Freshman Member

I am getting an failed PCI Compliant due to my certificate # 0 port 443 protocol TCP is valid for more than 39 Months. They are saying it cant be more than 27 Months. It says the remedy Please install a server certificate with recommended maximum validity. How do I go about this. Here is the explanation: under Vulnerabilities without an Exception Case


SSL Certificate - Invalid Maximum Validity Date Detected


Description

Starting 1 March 2018, Certification Authorities (CAs) are not permitted to issue SSL certificates (issued from a public root) with a validity period greater than 27 months.

SSL/TLS certificate maximum validity is 825 days (27 months) for Domain Validated (DV) and Organization Validated (OV) Certificates.

SSL certificates have limited validity periods so that the certificate's holder identity information is re-authenticated more frequently.

It is detected that maximum validity of certificate on the system is more than what is recommended.

Thanks for any Help.

All Replies

  • Zyxel_VicZyxel_Vic Zyxel Offical Agent Posts: 172  mod

    Hi @Snowtoy

    Thanks for your feedback about this. We'll evaluate if this shall be modified.

  • SnowtoySnowtoy Member Posts: 15  Freshman Member

    OK, thanks. I can't find anything about it.

  • Zyxel_JerryZyxel_Jerry Zyxel Offical Agent Posts: 380  mod
    edited February 12, 2020 6:38PM

    Hi @Snowtoy

    Thanks for your feedback and we will put this enhancement into idea section for future evaluation.

  • SnowtoySnowtoy Member Posts: 15  Freshman Member

    I am being charges $36 a month until I get this figured out. Thanks


  • Zyxel_VicZyxel_Vic Zyxel Offical Agent Posts: 172  mod
    edited February 13, 2020 1:15PM

    Hi @Snowtoy

    Regarding to the certificate expiration adjustment, it's actually in our plan now.

    However, to comply all the items in this report you provide, a 3rd party authorized certificate will be required.

  • SnowtoySnowtoy Member Posts: 15  Freshman Member

    This is my first experience with a firewall. Where would I get the 3rd party authorization certificate. Thanks

  • itxncitxnc Member Posts: 64  Ally Member
    Namecheap 1Yr certificates are super cheap and work great on Zyxel routers. < $10/year. 

    But you can also just take HTTPS out of the WAN to Zywall service group if you don't use remote admin or SSL VPN.
  • SnowtoySnowtoy Member Posts: 15  Freshman Member
    Thanks Ill check that out.
Sign In to comment.