我们正在使我们的网站符合PCI的过程。 我们面临的一个漏洞如下。
Description: SSL Version 2 (v2) Protocol Detection (for ftp) Synopsis: The remote service encrypts traffic using a protocol with known weaknesses. Resolution: Purchase or generate a proper certificate for this service. 另一个是如下(该程序又是FTP)
Description: SSL Certificate Cannot Be Trusted Synopsis: The SSL certificate for this service cannot be trusted. Resolution: Purchase or generate a proper certificate for this service.
学习东西后,我想我们需要购买一个FTP证书。 现在我有一些问题
1) When I try to purchase an SSL certificate for FTP there is no option for SSL certificate specific for FTP. So which should we buy? I know this might depend on my security company (like Thwate, Verisign etc..) but if possible then can someone give an example? 2) Our site does have HTTP SSL and it is installed perfectly and working perfectly so will the same certificate (HTTP SSL Certificate) work for FTP too?? 3) Which should we configure here, FTPS or SFTP?
1)你可以购买一个Web服务器证书,它会工作。
2)如果CN(blog.domain.com)是相同的,它将起作用。
3) FTPS和SFTP不一样:
在你的情况下,它是FTP(S)。