Web Host's PCI Compliance Certificate
Feb 14, 2009
A bit of background. We're a Canadian company with an eCommerce (Miva Merchant) website currently hosting with Hosting4Less out of California, and we're using Moneris Solutions' eSelectPLUS gateway to accept credit cards online.
Actually, we're not accepting credit cards online yet as we're trying to become PCI Compliant. At Moneris' recommendation, we've signed with Trustwave to take care of PCI Compliance verification. The problem is that Moneris requires us to provide them with our third party service provider's (Hosting4Less) PCI Certification, and to this request, Hosting4Less has responded with the equivalent of "a deer in the headlights look". I've contacted two other hosting companies and neither of them seems to be able to provide evidence of their PCI Certification either. So, my question: is providing such certification something that a PCI Compliant web host should be able to provide to their eCommerce customers, or is Moneris asking for something that doesn't exist?
Excerpt from Moneris Compliance email: ....
Feb 13, 2015
I installed a new certificate, made it default, assigned it to the shared IP address and made the Plesk panel use it.
The problem is we have 200 virtual hosts using the old certificate. Is there a way to reconfigure all those domains easily?
Apr 1, 2009
I was just presented with some work. The client has a ZenCart site.
They were recently contacted by their CC company that they are not PCI compliant. They brought it up with their hosting provider and were told that the host can put them on clustered hosting and set them up with an SSL certificate. As it stands now, they are using a freebie SSL cert that is registered with the host (https://thesite.host.com).
They decided that clustered hosting and a custom SSL cert is too much money. So they want me to install PayPal Website Payments Standard.
I'm fuzzy about PCI compliance. Will this actually make the site PCI compliant?
Jan 14, 2008
I have taken basic security measures on my VPS such as using CSF firewall, cPanel and CSF's security tweaks, compiling php with suhosin etc.
As there will be a couple of sites running ecommerce stores, I want to do PCI compliance to give greater confidence to my clients. How/where do I start? The available options just seem incredibly expensive.
Dec 4, 2008
We have a client on a VPS (Virtuozzo) that is failing PCI Compliance through McAfee as the port for the "power panel" in Virtuozzo uses weak SSL encryption.
Since we can't block the port (as users need to be able to access it) does anyone know how we can possibly upgrade that or change things so that it will pass compliance?
All other ports on the server are fine, but the port 4643 keeps failing under the ScanAlert scans:
Low Strength Ciphers (< 56-bit key)
SSLv2
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
SSLv3
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv2
DES-CBC-MD5 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
RC4-64-MD5 Kx=RSA Au=RSA Enc=RC4(64) Mac=MD5
SSLv3
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
TLSv1
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
Anyone have any suggestions on how we can resolve this issue for the client?
Dec 11, 2008
How important is PCI Compliance to you as a hosting provider? Are you compliant now?
Do you intend to be compliant? Also how many think that just getting a scan from Comodo or another scanner makes you compliant?
As far as the rules for PCI-DSS state, if you store CCs, which all hosting companies do if they are using a billing system (i.e. MB, WHMCS etc.), you have to be compliant to a fault for a 37 page document with lots and lots of requirements that most don't do and don't know how to do.
Is it worth it to not make the effort and get compliant or risk losing your merchant account and getting on the TMF list and fined $50k?
Apr 2, 2008
Does a "HackerSafe" (PCI Compliance [url]) logo on a website make sense to attract more customers?
Will you (as a customer) prefer to see that logo on the hosting website where you bought your hosting from?
Mar 20, 2008
Been reading your genius skills and I was so impressed I figured you might be able to help me with a rather terrible quandary.
I am undergoing the search for a new dedicated hosting provider and at the same time undertaking PCI compliance.
Some of the hosting providers are suggesting that all PCI compliant merchants must ALL have a separate and stand alone Firewall in order to reach PCI standards.
Other hosting providers seem jaded by the question and seem to think that the standard software type firewall will suffice.
Now, are the sales people I am speaking to inept or am I being "upsold" unnecessarily?
My transaction numbers are relatively low but the retention or certainly the passing of credit cards needs to be slick and happen on my site rather than another.
So could you tell me
1/ Is a PCI compliant merchant needing to have a separate $500 a month hardware firewall?
Oddly enough Control Scan, who are very good at selling me their SSL and PCI compliance in one service, are unable to advise me on those mandatory hardware requirements for PCI compliance, even though they are supposed to be experts in the arena. So I thought I would ask someone who actually knows what they are doing!
Dec 7, 2008
I have searched for a bit, switched 3 hosting companies, and am looking for a hosting company that can back up what they say...not just to get the sale.
I have searched around here, and noticed a few hosting companies, and did a 'find a host search' but no reviews are in place.
Can anyone provide some names of hosting companies that are on shared servers, because I cannot afford a dedicated server?
Apr 2, 2008
I was in the market for a new dedicated server after a couple of years with my previous provider. The previous provider did nothing wrong but they were no longer competitive when it came to CPU and memory.
I moved first to geekrack. And I left them after a week and a half as they never were able to get my rDNS records set up.
I found Universal Hosts on this forum and gave them a shot. I had asked for an operating system that they didn't offer normally (Debian 64 bit) and they said that they could do it. However, when my server was set up it was 32 bit Debian instead. They apologized and had Debian 64 bit set up less than 24 hours later.
When I asked them to get rDNS records set up it took a few hours but they were set up correctly and they worked.
Universal Hosts is also a BurstNet reseller but compared to my other attempt at using a BurstNet reseller they are fantastic. While the initial config was incorrect they worked quickly to fix it and were very professional about it.
So after two weeks - so far so good. Keep up the good work UniHosts!
Aug 11, 2013
I am running Apache 2.2 and PHP 5. I have been running with virtual hosts on a Windows 7 environment fine for a couple of years successfully, but have just had to move to a Windows 8 environment. It looks like Apache and PHP have installed and are working fine, but my virtual hosts are now not being recognised. From what I can tell, it is the Windows 8 hosts file that is having a problem, as it looks as though it is now just set up to block websites.
If I make the hosts file just have the one line "127.0.0.1 localhost" entry, then the very first virtual host from my Apache config file will come up, but the rest are not found. If I put the usual "127.0.0.1 mywebsite.name aliasname", it appears as though my website works momentarily and then is blocked.
Aug 16, 2008
Recently I stumbled upon a host on here with a good rep and that uses DirectAdmin.
Because they were very nice on the live support I signed up to see what DirectAdmin was like.
It's very different from cPanel. Some parts seem to be harder to use; for example, phpMyAdmin requires the username and password of the database you created, not the control panel username and password like cPanel. Although I guess that could be a good security feature: just in case someone gets into the control panel, they cannot get into phpMyAdmin. Then again, if they are smart and were able to get into the control panel, they could get into FTP and look up the username and password in the config file for the script you are using.
The bandwidth meter seems to be better in DirectAdmin, although I think it's acting up for me as it's putting yesterday's bandwidth on today's. I was told by the host that it updates every 2 hours and at first it did, but now it's gone to every day. Oh, and unlike cPanel, this bandwidth meter includes bandwidth used by the control panel.
Neither one, from what I can tell, counts SFTP though, at least for the hosts I have right now.
Jul 7, 2008
I want to use SSL on my website.
[url]
I don't really get the differences (and it seems all companies offering SSL offer different types of certificates.. don't even know where they overlap)
Can someone recommend where I could get an SSL certificate and why I should choose between a $15/year one and $100+/year?
Aug 26, 2007
I am running a site that currently has a Geotrust SSL cert installed (Plesk 7.5.3). That certificate is about to expire and I am going with one from a new vendor. My question is, do I need to generate a new CSR before requesting the new certificate or do I use the CSR from the current one and just upload the new certificate file (overwriting the current one) when I get it?
Jan 18, 2007
How do I get an SSL certificate on my online shopping site?
Jun 20, 2007
Which SSL certificate would be needed if I was just setting up a site that accepted payments? Also, where would be the best place to buy one?
Sep 8, 2009
I just got this SSL certificate but I have some doubts about how exactly I should set up the whole magic. I created secure.domain.com, which is supposed to be the sub-domain for the login page, which means that when a user decides to sign up/login they are immediately transferred to the SSL state (sample: see ebay.com and then their https login page). So far, the home page, which is domain.com (or www.domain.com), doesn't need to be covered by the SSL. So I was just wondering, how do I play the game? I know it's kinda tricky and the key is somewhere in the sub-domain name (cP setup), .htaccess and/or index.php files, but it's not very clear to me.
Oct 29, 2009
My online store is almost ready to publish and I'm trying to work my head around this SSL thing.
So through reading on here I've determined that only the cart or PII areas need to be secured, not the entire site.
My host provided a free SSL cert but I discovered that it is a domain verification SSL only and there is no "clickable seal" or business verification. Verification is important, however I'm not sure I need an EV cert (nor that I can afford it).
I'm looking for business verification, clickable seal, 128/256, 2048bit, free reissue.
Does anyone have any suggestions for an SSL cert and what I might need? There was someone in the ads forum offering a GlobalSign OrganizationalSSL cert for $100/yr. Does this seem like a good deal? There isn't a lot of feedback about GlobalSign on the net.
Jun 24, 2009
Can anyone tell me the right way to renew an SSL certificate? If possible, a way that won't alert users that the certificate has changed.
Jul 16, 2009
I am now in the process of choosing an SSL certificate from a certificate authority for one of the sites I administer and I got confused.
I visited numerous sites offering certs and I concluded:
- I don't need EV certificate
- 128 bit certificates can vary in price at different providers from $25 to $100 and higher
- some sites are offering 128 bit at lower price and 256 or 515 bit certs at higher prices
I don't understand why some certs are so expensive. Doesn't a 128 bit cert from any provider at any price provide the same level of security?
I thought 128 bit encryption is unbreakable. Why does someone buy a 256 or 512 bit cert at a higher price?
Some of those more expensive certs are offering "higher level of security", warranties... Is that only marketing or is there some real value behind the additional features?
Jul 13, 2009
How do I install an SSL Cert with just the .key and .crt in root WHM?
Jun 7, 2009
I got a Plesk VPS and purchased SSL from GoDaddy. After I installed it, I was getting an error message from Firefox about “SSL is self signed”. I obviously did something wrong, but what? I first logged into the SSL certificate section and created a new one...
Apr 25, 2009
When you create a SSL certificate for www.mydomain.com vs mydomain.com, is the "www" vs "non-www" decided when you generate the CSR (for example, in cpanel/whm)? Or is it "decided" when you actually purchase the certificate?
May 7, 2008
I received the below email from my server!
What is this and what should I do? I don't use any SSL.
Certificate for dovecot on server.test.com was expired and a self signed one was created to replace it. You should install a new certifcate as soon as possible to replace the self signed one that was installed to replaced the expired one. You can install a new certificate in WHM under "Manager Service SSL Certificates", or by clicking this link: [url]
Jun 26, 2008
Namecheap.com offers PositiveSSL certificate for free at the moment
[url]
I was wondering what is its encryption ability compared to RapidSSL certificate?
Jun 23, 2008
I have to install an SSL certificate for one of the websites on my server. I have OpenSSL installed on CentOS 5.1 with WHM/cPanel. I found this command to generate a CSR but it didn't work; I don't know what I'm missing...
openssl genrsa –des3 –out www.mydomain.com.key 1024
May 8, 2008
I received the below email from my server!
What is this and what should I do?
I don't use any SSL.
Certificate for dovecot on server.test.com was expired and a self signed one was created to replace it. You should install a new certifcate as soon as possible to replace the self signed one that was installed to replaced the expired one. You can install a new certificate in WHM under "Manager Service SSL Certificates", or by clicking this link: [url]
Jun 4, 2008
I have some clients who use IE 7. And every time they enter their cPanel to log in they are shown a Certificate Warning.
IE 7 tells them not to continue (Not Recommended).
Jan 10, 2008
I'm a client of JaguarPC and I'm very happy with them.
I chose them as I'm reading WebHostingTalk and I saw good points with them.
Now I got the chance to register and start my communication with you.
I now want to buy an SSL certificate, so anyone connecting will be protected and encrypted.
I don't care for maximum transaction security, just for displaying that this certificate is trusted by Internet Explorer and most browsers.
Aug 30, 2008
I have [virtually] unlimited number of subdomains on my site, and I need SSL support on them. So, I think wildcard SSL certificate will do the job.
Can you recommend an affordable wildcard SSL cert provider supported by all the major browsers (IE/Firefox/Opera/Safari)?
Apr 29, 2008
I want to buy an SSL certificate for my international web site.
I found that SSL certs from VeriSign cost about US$1500, however, those from namecheap.com cost about US$20.
What are the differences between these certificates?