PCI Compliant

Snowtoy
Snowtoy Posts: 15
edited April 2021 in Security

I am getting a failed PCI Compliant due to my certificate # 0 port 443 protocol TCP is valid for more than 39 months. They are saying it can't be more than 27 months. It says the remedy is: "Please install a server certificate with recommended maximum validity." How do I go about this? Here is the explanation, under "Vulnerabilities without an Exception Case":


SSL Certificate - Invalid Maximum Validity Date Detected


Description

Starting 1 March 2018, Certification Authorities (CAs) are not permitted to issue SSL certificates (issued from a public root) with a validity period greater than 27 months.

SSL/TLS certificate maximum validity is 825 days (27 months) for Domain Validated (DV) and Organization Validated (OV) Certificates.

SSL certificates have limited validity periods so that the certificate's holder identity information is re-authenticated more frequently.

It is detected that maximum validity of certificate on the system is more than what is recommended.

Thanks for any help.

All Replies

  • Zyxel_Vic
    Zyxel_Vic Posts: 265

    Hi @Snowtoy

    Thanks for your feedback about this. We'll evaluate if this shall be modified.

  • Snowtoy
    Snowtoy Posts: 15

    OK, thanks. I can't find anything about it.

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 631
    edited February 2020

    Hi @Snowtoy

    Thanks for your feedback, and we will put this enhancement into the idea section for future evaluation.

  • Snowtoy
    Snowtoy Posts: 15

    I am being charged $36 a month until I get this figured out. Thanks


  • Zyxel_Vic
    Zyxel_Vic Posts: 265
    edited February 2020

    Hi @Snowtoy

    Regarding the certificate expiration adjustment, it's actually in our plan now.

    However, to comply with all the items in this report you provide, a 3rd party authorized certificate will be required.

  • Snowtoy
    Snowtoy Posts: 15

    This is my first experience with a firewall. Where would I get the 3rd party authorization certificate? Thanks

  • itxnc
    itxnc Posts: 70
    Namecheap 1Yr certificates are super cheap and work great on Zyxel routers. < $10/year. 

    But you can also just take HTTPS out of the WAN to Zywall service group if you don't use remote admin or SSL VPN.
  • Snowtoy
    Snowtoy Posts: 15
    Thanks, I'll check that out.
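
The validity check behind the scan finding in the first post can be run locally, before and after replacing the certificate. This is an added example, not part of the original thread or any Zyxel tooling: it reads `openssl x509 -noout -dates` output and compares the validity period with the 825-day limit quoted in the report. The function names and the sample dates are constructed for illustration.

```python
import ssl
import subprocess

MAX_VALIDITY_DAYS = 825  # limit quoted in the scan report (27 months)

def parse_dates(dates_text):
    """Parse `openssl x509 -noout -dates` output into epoch seconds."""
    fields = {}
    for line in dates_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            fields[key] = ssl.cert_time_to_seconds(value.strip())
    if len(fields) != 2:
        raise ValueError("expected notBefore= and notAfter= lines")
    return fields["notBefore"], fields["notAfter"]

def validity_days(dates_text):
    """Length of the certificate's validity period in days."""
    not_before, not_after = parse_dates(dates_text)
    if not_after <= not_before:
        raise ValueError("notAfter is not later than notBefore")
    return (not_after - not_before) / 86400

def check_validity(dates_text, limit=MAX_VALIDITY_DAYS):
    """Report whether the validity period is within the limit."""
    days = validity_days(dates_text)
    return {"days": days, "limit": limit, "compliant": days <= limit}

def fetch_dates(host, port=443):
    """Read the certificate served on host:port and return its dates.
    The chain is not verified, so a self-signed device certificate is
    read as well. Requires the openssl command-line tool."""
    pem = ssl.get_server_certificate((host, port))
    result = subprocess.run(["openssl", "x509", "-noout", "-dates"],
                            input=pem, capture_output=True,
                            text=True, check=True)
    return result.stdout

# Constructed sample dates, not taken from any real certificate.
LONG_LIVED = ("notBefore=Jan  1 00:00:00 2020 GMT\n"
              "notAfter=Apr 15 00:00:00 2023 GMT\n")   # 1200 days
ONE_YEAR = ("notBefore=Mar  1 00:00:00 2021 GMT\n"
            "notAfter=Mar  1 00:00:00 2022 GMT\n")     # 365 days

if __name__ == "__main__":
    for name, sample in (("long-lived", LONG_LIVED), ("one-year", ONE_YEAR)):
        print(name, check_validity(sample))
```

To check a device you administer, pass `fetch_dates("<your-firewall-address>")` to `check_validity`.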
