Solved

PCI compliance is failing with error TCP 8443 pcsync-https SSL Certificate Cannot Be Trusted

Posted on 2013-12-09
2
1,766 Views
Last Modified: 2013-12-31
PCI compliance is failing with error TCP 8443 pcsync-https SSL Certificate Cannot Be Trusted.

What is port 8443 used for and is this open by default on Sonicwall firewalls? I don't recall opening up this port and all previous PCI compliance scans have passed successfully.  Is it safe to block port 8443 on the firewall if it is not being used for anything?
0
Comment
Question by:ptsolutionsinc
2 Comments
 
LVL 19

Expert Comment

by:xterm
ID: 39707842
pcsync-https on 8443/tcp is much like https on 443/tcp except that it's for medium-strength encryption (between 56-112 bits).

Many software products use this port (Cisco Broadband Access Center is one of them). I'm guessing you have the port open to allow access to a web interface, but I gather there is a hostname mismatch or something between what the certificate name is vs. the name that clients are accessing it by.
0
 
LVL 20

Accepted Solution

by: rauenpc earned 250 total points
ID: 39708645
xterm is most likely correct that the port is opened up for web management. The failed certificate can be for a couple of reasons. If you access the webpage via IP address you will always have a certificate error. If you access the page via FQDN and you don't have a trusted certificate installed you will get this error.

For PCI compliance purposes, I would do one of two things. Either limit the source IPs allowed to access the web management page, or disable it from the outside altogether and require that admin users either be connected from the inside of the network or via VPN. This way PCI scans will not see the port as being open.
0
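To see what the scanner sees on port 8443, and to verify the fix from the accepted answer afterwards, here is an added example that is not part of the original thread. The function name, the state labels and the `firewall.example.com` placeholder are assumptions made for this example; run it from a host outside the network that is not on the management allow list.

```python
"""Check how a TLS management port (8443 here) looks from where this script runs."""
import socket
import ssl
import sys


def check_tls_port(host, port=8443, timeout=5.0):
    """Return (state, detail). States are labels chosen for this example:
    closed, unreachable, untrusted, trusted, handshake-failed."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        return "closed", str(exc)            # host answered, nothing listening
    except OSError as exc:
        return "unreachable", str(exc)       # timed out, dropped, or no route/DNS
    # Default context: system trust store plus hostname checking, the same
    # chain and name validation a browser applies to the management page.
    ctx = ssl.create_default_context()
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "trusted", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # verify_message names the cause (self-signed, hostname mismatch, expired).
        return "untrusted", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "handshake-failed", str(exc)  # port open but no usable TLS


if __name__ == "__main__":
    # firewall.example.com is a placeholder; pass your own WAN name or IP.
    target = sys.argv[1] if len(sys.argv) > 1 else "firewall.example.com"
    state, detail = check_tls_port(target)
    print(f"{target}:8443 -> {state} ({detail})")
    # After restricting or disabling WAN management, an outside host that is
    # not on the allow list should see closed or unreachable.
    sys.exit(0 if state in ("closed", "unreachable") else 1)
```

An `untrusted` result before the change shows the reason the certificate failed validation; `closed` or `unreachable` after the change confirms the port is no longer exposed to the scanner.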

Question has a verified solution.