SSL Certificate for email and PCI compliance

snowflake

Valued Member
For my friends company they also have a PCI compliance they are trying to adapt to and most of the big issues right now are because the email (pop/imap/smtp) are all done with no SSL.

We do have an SSL for www.example.com but assuming I will need to buy one for whatever mail server settings like mail.example.com?

And I am not too sure how to install this but it seems like I just copy the cert to a file and reload the mail server.. so I will do it if I can.. If not can they hire you to do this?

Lastly, will that cert cover all the email types (pop/imap/smtp) or do I need a separate cert for each one?
 

popowich

EQ Forum Admin
Staff member
These are the requirements for PCI compliance:

PCI for the Uninitiated - How to Accept Credit Card Payments Online « LuxSci FYI

With a wildcard certificate for *.example.com you should be able to use the same certificate for all of your email and web services.

Enabling SSL email ports depends on your mail server and infrastructure.

Some control panels make it easy. Some load balancers make it easy.

If I remember correctly you have a Plesk control panel, these directions might help.
 
Top