我们正在使我们的网站符合 PCI 标准。我们面临的一个漏洞如下。
Description: SSL Version 2 (v2) Protocol Detection (for ftp)
Synopsis: The remote service encrypts traffic using a protocol with known weaknesses.
Resolution: Purchase or generate a proper certificate for this service.
另一个如下(该程序再次是FTP)
Description: SSL Certificate Cannot Be Trusted
Synopsis: The SSL certificate for this service cannot be trusted.
Resolution: Purchase or generate a proper certificate for this service.
经过研究,我认为我们需要为 FTP 购买 SSL 证书。现在我有一些问题
1) When I try to purchase an SSL certificate for FTP there is no option for SSL
certificate specific for FTP. So which should we buy? I know this might
depend on my security company (like Thwate, Verisign etc..) but if possible
then can someone give an example?
2) Our site does have HTTP SSL and it is installed perfectly and working
perfectly so will the same certificate (HTTP SSL Certificate)
work for FTP too??
3) Which should we configure here, FTPS or SFTP?
答案1
1)您可以购买一个Web服务器证书,它可以起作用。
2)如果 CN(blog.domain.com)相同,则有效。
3)FTPS 和 SFTP 不一样:
- FTPS 是通过 SSL/TLS 传输的 FTP。
- SFTP 是通过 SSH 传输的 FTP。
就您而言,它是 FTP(S)。