我們正在使我們的網站符合 PCI 標準。我們面臨的漏洞之一如下。
Description: SSL Version 2 (v2) Protocol Detection (for ftp)
Synopsis: The remote service encrypts traffic using a protocol with known weaknesses.
Resolution: Purchase or generate a proper certificate for this service.
另一種如下(程式又是FTP)
Description: SSL Certificate Cannot Be Trusted
Synopsis: The SSL certificate for this service cannot be trusted.
Resolution: Purchase or generate a proper certificate for this service.
經過研究,我認為我們需要為 FTP 購買 SSL 憑證。現在我有一些問題
1) When I try to purchase an SSL certificate for FTP there is no option for SSL
certificate specific for FTP. So which should we buy? I know this might
depend on my security company (like Thwate, Verisign etc..) but if possible
then can someone give an example?
2) Our site does have HTTP SSL and it is installed perfectly and working
perfectly so will the same certificate (HTTP SSL Certificate)
work for FTP too??
3) Which should we configure here, FTPS or SFTP?
答案1
1)您可以購買網頁伺服器證書,它會起作用。
2)如果 CN (blog.domain.com) 相同,則可以。
3)FTPS 和 SFTP 不一樣:
- FTPS 是基於 SSL/TLS 的 FTP。
- SFTP 是基於 SSH 的 FTP。
就您而言,它是 FTP(S)。