
Looking for a bit of advice please. We've been battling with a PCI compliancy project for the last couple of days and we've managed to eliminate most of the security warnings. What we're left with now is mainly untrusted SSL certificates on pop3, smtp and imap ports.

I was just wondering what would be the best course of action for overcoming this security issue. Is there a way to remove the untrusted certificates or do we have to purchase a CA SSL certificate? If so, can we get away with purchasing just one certificate? Or do we need one certificate for each port?

I'm also unsure of how you associate an SSL certificate with a port rather than a domain name.

Apologies if this is not very clear.

The VPS is CentOS 6.5 running Plesk 11.5.30

HopelessN00b
Sean King
  • You won't need to link a Certificate to a port. – Drew Khoury May 12 '14 at 11:17
  • It's a good idea to run your mail server on a completely separate (virtual) machine from the servers in scope for PCI: your web server and database. – Michael Hampton May 12 '14 at 13:26
  • [Administration panels are off topic](http://serverfault.com/help/on-topic). [Even the presence of an administration panel on a system,](http://meta.serverfault.com/q/6538/118258) because they [take over the systems in strange and non-standard ways, making it difficult or even impossible for actual system administrators to manage the servers normally](http://meta.serverfault.com/a/3924/118258), and tend to indicate low-quality questions from *users* with insufficient knowledge for this site. – HopelessN00b Feb 25 '15 at 08:34

1 Answer


Independent of PCI, I can assure you that a single (HTTP) SSL Certificate is sufficient to secure pop3, smtp and imap ports as long as they are accessed under the same hostname as the webserver.

David Schmitt
  • Thank you very much for your answer David. So I can purchase and set up an SSL certificate for mail.example.com and use this to secure all pop3, smtp and imap ports? – Sean King May 12 '14 at 11:48
  • That is correct Sean, as long as they all use mail.example.com. – Vasili Syrakis May 12 '14 at 12:02
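
The point made in the answer and comments above, as an added example that is not part of the original thread: a certificate is matched against the hostname the client connects to, never the port, so one certificate for mail.example.com covers every mail port reached under that name. The endpoint list, the extra hostnames and the function names are constructed for illustration; `live_check` assumes implicit-TLS ports and a reachable server.

```python
import socket
import ssl

def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: case-insensitive, '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]   # reject over-broad patterns like *.com
    return p == h

def coverage(san_names, endpoints):
    """For each (hostname, port), report whether any certificate name matches the hostname.
    The port is carried along only to show that it plays no part in the decision."""
    return {ep: any(name_matches(s, ep[0]) for s in san_names) for ep in endpoints}

def live_check(host: str, port: int, timeout: float = 5.0) -> str:
    """Handshake against an implicit-TLS port (e.g. 465, 993, 995) with full chain and
    hostname verification; raises ssl.SSLCertVerificationError if the certificate is
    untrusted or issued for a different name. Returns the negotiated TLS version."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

# Constructed sample: names mail clients might be configured with (assumptions).
ENDPOINTS = [
    ("mail.example.com", 25), ("mail.example.com", 110), ("mail.example.com", 143),
    ("mail.example.com", 465), ("mail.example.com", 587), ("mail.example.com", 993),
    ("mail.example.com", 995),
    ("example.com", 993),       # client configured with the bare domain
    ("pop.example.com", 995),   # client configured with a per-service alias
]

if __name__ == "__main__":
    for label, names in (("single-name cert", ["mail.example.com"]),
                         ("wildcard cert", ["*.example.com"])):
        print(label)
        for (host, port), ok in coverage(names, ENDPOINTS).items():
            print(f"  {host}:{port:<4} {'OK' if ok else 'NAME MISMATCH'}")
```

After installing the certificate, `live_check("mail.example.com", 993)` run from a machine outside the server confirms that the chain and name validate the way a scanner or mail client would see them.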