<div>
<div class="content wysiwyg-content">
We recently upgraded the SSL certificate on our primary website to a wildcard certificate. The was to encompass our development &nbsp;and staging sites within the certificate and to reduce complexity/costs at the hosting site.<br />
<br />
Now we are seeing a PCI scan failure - with the scanned URL (www.'domain.com') no longer matching the name on the certificate (*.'domain.com') the PCI scan engine is unable to trust the certificate. I have tried to dispute the PCI failure (as a false positive) but so far tis has been denied.<br />
<br />
Other than reverting back to individual certificates does anyone out there have suggestions as to how to work around this? I can't believe we are the only company using wildcard certificates and it seems that if these diminish the level of trust then they may not be suited to transactional sites.<br />
<br />
Thanks in advance.
</div>
</div>


We recently upgraded the SSL certificate on our primary website to a wildcard certificate. The was to encompass our development  and staging sites within the certificate and to reduce complexity/costs at the hosting site.

Now we are seeing a PCI scan failure - with the scanned URL (www.'domain.com') no longer matching the name on the certificate (*.'domain.com') the PCI scan engine is unable to trust the certificate. I have tried to dispute the PCI failure (as a false positive) but so far tis has been denied.

Other than reverting back to individual certificates does anyone out there have suggestions as to how to work around this? I can't believe we are the only company using wildcard certificates and it seems that if these diminish the level of trust then they may not be suited to transactional sites.

Thanks in advance.

Wilcard SSL certificate failing PCI scan

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

SSL / HTTPS

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.