- Plesk Onyx 17.5 for Linux
PCI Compliance Resolver utility was executed for all services:
# plesk sbin pci_compliance_resolver --enable all
The same SSL certificate is set both for securing both Plesk and mail in Tools & Settings > SSL/TLS Certificates > Certificate for securing Plesk and Certificate for securing mail.
PCI DSS compliance scanning performed by a third-party company (for example: Trustwave, Comodo, or Qualys) detects the vulnerability "SSL Certificate Expired" on SMTP ports (25, 465, 587) with the Plesk default certificate on these ports, for example:
SSL certificate is incorrectly applied for SMTP server (Postfix or qmail).
Go to Tools & Settings > SSL/TLS Certificates > [Change] next to Certificate for securing mail.
Select the same certificate in the field Select Certificate and click OK.