-1

I'm trying to get PCI compliant, and the PCI scanning company is showing the failed scan report below:

SSL Certificate - Self-Signed Certificate
port 25/tcp over SSL

IMPACT: By exploiting this vulnerability, an attacker can launch a man-in-the-middle attack.

SOLUTION: Please install a server certificate signed by a trusted third-party Certificate Authority.

RESULT: Certificate #0 CN=ip-172-31-27-94.ap-southeast-1.compute.internal is a self signed certificate.

But I already purchased a third-party SSL certificate and it works well over port 443.

How to resolve this for port 25?

```
root@www:/etc/apache2# netstat -tapen | grep ":25"
tcp        0      0 0.0.0.0:25      0.0.0.0:*       LISTEN      0          9610        1284/master
tcp6       0      0 :::25           :::*            LISTEN      0          9611        1284/master
```

GBD
  • you're not describing the webserver config you have... if you look at it from the outside, try openssl s_client to get the certificate details, and match them to what you have in the cert store, then you know which certificate is offered as a starting point. – Florenz Kley Aug 14 '15 at 14:15
  • @FlorenzKley This is not a webserver, it's an SMTP server. – EEAA Aug 14 '15 at 16:11
  • openssl s_client works against SMTP servers, too :-) – Florenz Kley Aug 17 '15 at 07:40

1 Answer

-1

Install the same third-party certificate in your Postfix email server. The configuration file is /etc/postfix/main.cf.

serverliving.com
  • I have updated the same certs in postfix main.cf, but now what to do for this new error `SSL Server Allows Anonymous Authentication Vulnerability` on the same port 25? – GBD Aug 15 '15 at 06:33
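
An added example (not from the original posts or from the Postfix project): a small Python audit of `main.cf` text that flags the two scanner results raised in this thread, the self-signed certificate offered on port 25 and the anonymous-cipher follow-up. The sample config, the "snakeoil" filename heuristic and the function names are assumptions; `smtpd_tls_cert_file`, `smtpd_tls_key_file`, `smtpd_tls_chain_files` and `smtpd_tls_exclude_ciphers` are Postfix parameters.

```python
import re

# Constructed sample main.cf (not from the page): a Debian/Ubuntu-style default
# that still points Postfix at the self-signed "snakeoil" certificate.
SAMPLE_MAIN_CF = """\
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtpd_tls_exclude_ciphers =
    MD5,
    RC4
"""

def parse_main_cf(text):
    """Parse Postfix main.cf: '#' lines are comments, lines starting with
    whitespace continue the previous logical line, and the last definition wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def audit_smtpd_tls(params):
    """Return findings for the two scanner results discussed in this thread."""
    findings = []
    cert = params.get("smtpd_tls_chain_files") or params.get("smtpd_tls_cert_file", "")
    if not cert:
        findings.append("no smtpd certificate configured")
    elif "snakeoil" in cert:  # heuristic (assumption): distro self-signed cert name
        findings.append("smtpd still uses the self-signed snakeoil certificate")
    if not params.get("smtpd_tls_chain_files") and not params.get("smtpd_tls_key_file"):
        findings.append("smtpd_tls_key_file is not set")
    excluded = re.split(r"[,:\s]+", params.get("smtpd_tls_exclude_ciphers", ""))
    if "aNULL" not in excluded:
        findings.append("anonymous (aNULL) ciphers are not excluded")
    return findings

if __name__ == "__main__":
    for finding in audit_smtpd_tls(parse_main_cf(SAMPLE_MAIN_CF)):
        print("FINDING:", finding)
```

After changing `main.cf`, reload Postfix and confirm the certificate actually served on port 25 with `openssl s_client -starttls smtp`, as the comments under the question suggest.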