- Plesk Onyx 17.5 for Linux
- PCI Compliance Resolver utility was executed for all services:
# plesk sbin pci_compliance_resolver --enable all
- The same SSL certificate is set both for securing both Plesk and mail at Tools & Settings > SSL/TLS Certificates .
- PCI compliance scanning report detects "SSL Certificate Expired" vulnerability on SMTP ports (25, 465, 587).
- When checking the detailed report, the Plesk default certificate is found in these detections.
SSL certificate is incorrectly applied for SMTP server (Postfix or qmail).
Re-apply the certificate for mail: Tools & Settings > SSL/TLS Certificates > [Change] next to Certificate for securing mail > select the same certificate > OK .