Solved

PCI compliance is failing with error TCP 8443 pcsync-https SSL Certificate Cannot Be Trusted

Posted on 2013-12-09
Last Modified: 2013-12-31
PCI compliance is failing with error TCP 8443 pcsync-https SSL Certificate Cannot Be Trusted.

What is port 8443 used for, and is this open by default on SonicWALL firewalls? I don't recall opening up this port and all previous PCI compliance scans have passed successfully. Is it safe to block port 8443 on the firewall if it is not being used for anything?
Question by:ptsolutionsinc
2 Comments
 
LVL 19

Expert Comment

by:xterm
ID: 39707842
pcsync-https on 8443/tcp is much like https on 443/tcp except that it's for medium-strength encryption (between 56-112 bits).

Many software products use this port (Cisco Broadband Access Center is one of them). I'm guessing you have the port open to allow access to a web interface, but I gather there is a hostname mismatch or something between what the certificate name is vs. the name that clients are accessing it by.
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 250 total points
ID: 39708645
xterm is most likely correct that the port is opened up for web management. The failed certificate can be for a couple of reasons. If you access the webpage via IP address you will always have a certificate error. If you access the page via FQDN and you don't have a trusted certificate installed you will get this error.

For PCI compliance purposes, I would do one of two things. Either limit the source IPs allowed to access the web management page, or disable it from the outside altogether and require that admin users either be connected from the inside of the network or via VPN. This way PCI scans will not see the port as being open.
0
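One way to reproduce the scanner's finding from outside the firewall and to confirm the fix described in the accepted answer, as an added example that is not part of the original thread. The function names and the host `fw.example.com` are assumptions; the numeric codes are OpenSSL's certificate verification results as exposed by Python's `ssl` module.

```python
import socket
import ssl

# OpenSSL verify codes that sit behind "SSL Certificate Cannot Be Trusted".
CAUSES = {
    10: "expired",
    18: "self-signed",       # typical factory-default management certificate
    19: "untrusted-chain",   # self-signed certificate somewhere in the chain
    20: "untrusted-chain",   # issuer not in the local trust store
    21: "untrusted-chain",   # intermediate certificate missing
    62: "name-mismatch",     # FQDN used is not in the certificate
    64: "name-mismatch",     # reached by IP, no matching IP SAN
}

def classify(verify_code):
    """Map an OpenSSL verify code to the cause a scanner would report."""
    return CAUSES.get(verify_code, "other-verify-failure")

def check_endpoint(host, port=8443, timeout=5.0):
    """Connect the way an external scanner would and say what it sees."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Refused or filtered: the outcome wanted once outside management
        # access is disabled or limited to other source addresses.
        return "not-reachable"
    ctx = ssl.create_default_context()  # system trust store, name check on
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "trusted"
        except ssl.SSLCertVerificationError as exc:
            return classify(exc.verify_code)
        except OSError:
            return "open-but-no-usable-tls"

if __name__ == "__main__":
    # Placeholder name; run from a host outside the firewall against the
    # WAN address or FQDN that the PCI scan targets.
    print(check_endpoint("fw.example.com", 8443))
```

Chain errors are reported before name errors, so a self-signed certificate reached by IP address shows up as `self-signed` rather than `name-mismatch`.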
