So Riddle me this Batman...
We have been running some PCI scans for one of our websites and one of the warning alerts that they are giving us is that the SSL cert that we are using is self-signed. We are running the scan on the client's domain "domain.com" which has a wildcard cert that was purchased through Digicert.com and is absolutely signed and verified. That SSL is just fine, but when the scan runs it also is somehow getting information for our beta site "domain.ourcompany.com". Our beta site is using a self-signed SSL because we have had some issues with routing subdomains using our company's wildcard SSL. But for the live production site there is no reference at all to the beta site and yet for some reason the firewall is providing information for the self-signed certificate.
For the production entry it has its own virtual host that is connected to its own "real webserver" in the UTM config using its own CA-signed SSL.
The beta site is also using its own virtual host and real webserver, and has its own separate entry and its own SSL. As far as I can tell everything is completely separated out and there shouldn't be any way the scan can pick up the beta site's information and yet somehow it is.
Does anyone have any ideas on what might be happening?