Wednesday, May 15, 2019

SSL Certification Help

I am working on getting my company PCI compliant. The first thing we are working on is passing our external vulnerability scan. We are using Trustwave and are scanning 10 locations and 1 website. We have given the IP address of the perimeter firewall of each location to Trustwave to scan. Before any changes were made, we were failing with "SSL certificate is self-signed" and "SSL certificate is not trusted". So I went out to find an SSL certificate for our firewalls, but have had a hard time getting an SSL certificate for anything that is not a domain.

We already have a wildcard certificate for our website, *.domain.com. I set up each firewall IP as a subdomain, firewall.domain.com, and added the wildcard certificate to the firewall and it worked! The problem is that Trustwave says I need to use the IP address in their scan, which still fails.

I'm pretty sure I'm just missing something and once I figure that out it will all click. Any help you guys can offer would be greatly appreciated; if you need any additional information, just ask.
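Added example, not part of the original post: a Python sketch of standard TLS name matching, showing why a `*.domain.com` wildcard covers `firewall.domain.com` but not a bare IP address, which is only ever compared against iPAddress entries in the certificate's Subject Alternative Name. It assumes the scanner applies this standard matching; the address 203.0.113.10 and all function names are constructed for illustration.

```python
import ipaddress

def _is_ip(value):
    """Return True if the scan target is an IP literal rather than a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Match one dNSName SAN entry; '*' stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least "*.example.tld" and a non-empty host label
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def cert_covers_target(san_dns, san_ips, target):
    """True if a certificate with these SAN entries is valid for the target."""
    if _is_ip(target):
        # IP targets are checked only against iPAddress entries, never wildcards
        t = ipaddress.ip_address(target)
        return any(ipaddress.ip_address(ip) == t for ip in san_ips)
    return any(dns_name_matches(d, target) for d in san_dns)

# Constructed sample data: the wildcard certificate from the post and a
# documentation-range address standing in for a firewall's public IP.
WILDCARD_CERT = {"dns": ["*.domain.com"], "ips": []}
SCAN_TARGETS = ["firewall.domain.com", "203.0.113.10", "a.b.domain.com"]

def audit(cert, targets):
    """Map each scan target to whether the certificate's names cover it."""
    return {t: cert_covers_target(cert["dns"], cert["ips"], t) for t in targets}

if __name__ == "__main__":
    for target, ok in audit(WILDCARD_CERT, SCAN_TARGETS).items():
        print(f"{target:24} {'covered' if ok else 'NAME MISMATCH'}")
```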


