PCI DSS 4.0 compliance is way more than just SSL/TLS management. Enhance already has SSL handling built in, and the Sectigo Certificate Manager you linked to is really just an enterprise tool for centralizing SSL across multiple servers; it’s not required for PCI compliance, nor does it address the broader security requirements of PCI DSS.

PCI compliance involves securing the entire environment, including firewalls, network segmentation, intrusion detection, vulnerability management, access controls (MFA, least privilege), encrypted storage, logging, and real-time monitoring. SSL/TLS is just one piece of the puzzle.

If your goal is to meet PCI DSS 4.0, you really need a server administrator who understands PCI requirements to properly configure everything. It’s not just about having SSL certificates in place; it’s about securing the infrastructure as a whole.

Kosta, take a look at the Cloudflare docs on implementing PCI DSS at zone level or per hostname if you're using their DNS. I'm not sure whether the required ciphers and settings, if you change them in Enhance, will be overwritten with updates; for that you would need to check with support.

Would be great to see an option in the CLI to enable PCI compliance settings like in Plesk.

    I couldn’t pass PCI DSS only because I am using Let’s Encrypt SSLs. I pass all other requirements and fail only on SSL, because I need a central manager for SSL for enterprise, not only on the main website but on the servers too.

    I don't think you understand why you failed PCI. Let's Encrypt SSLs are PCI compliant as long as:

    TLS 1.2/1.3 is enforced.
    Strong ciphers are used.
    The certificate is monitored and renewed properly.
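
Added example, not part of the thread or Enhance's own tooling: a Python check of the three conditions listed above for each endpoint. The "strong cipher" rule (forward-secret AEAD suites), the 30-day expiry threshold and the `*.example` hosts are assumptions of this example.

```python
import socket
import ssl
from datetime import datetime, timezone

ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")  # assumption: "strong" = AEAD + forward secrecy
RENEW_DAYS = 30                            # assumption: alert threshold, not a PCI figure

def evaluate(protocol, cipher, not_after, now=None):
    """Return findings for one endpoint; an empty list means all three checks pass."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if protocol not in ALLOWED_PROTOCOLS:
        findings.append(f"protocol {protocol} is older than TLS 1.2")
    aead = any(m in cipher for m in AEAD_MARKERS)
    # TLS 1.3 suites always use ephemeral key exchange; in TLS 1.2 the
    # OpenSSL suite name says so with an ECDHE- or DHE- prefix.
    forward_secret = protocol == "TLSv1.3" or cipher.startswith(("ECDHE-", "DHE-"))
    if not (aead and forward_secret):
        findings.append(f"cipher {cipher} is not a forward-secret AEAD suite")
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    days_left = (expires - now).days
    if days_left < RENEW_DAYS:
        findings.append(f"certificate expires in {days_left} days")
    return findings

def probe(host, port=443, timeout=5):
    """Handshake with a live server; return (protocol, cipher, notAfter)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0], tls.getpeercert()["notAfter"]

def audit(records, now=None):
    """Map each host to its list of findings."""
    return {host: evaluate(p, c, na, now) for host, p, c, na in records}

# Constructed sample results (hypothetical hosts), so the block runs offline.
SAMPLE = [
    ("shop.example", "TLSv1.3", "TLS_AES_256_GCM_SHA384", "Jun 30 12:00:00 2025 GMT"),
    ("mail.example", "TLSv1.2", "AES128-SHA", "Jun 30 12:00:00 2025 GMT"),
    ("old.example", "TLSv1.1", "ECDHE-RSA-AES128-SHA", "Apr 10 12:00:00 2025 GMT"),
]
SAMPLE_NOW = datetime(2025, 4, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for host, findings in audit(SAMPLE, SAMPLE_NOW).items():
        print(host, "OK" if not findings else "; ".join(findings))
```

`probe()` reports only what a server negotiates with a modern client, so confirming that older protocol versions are refused still needs a scan that offers them.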

      prismweb how then do I monitor and update all servers automatically, and enforce strong ciphers and TLS 1.2-1.3?

      ecknz yeah, it would be nice to have a toggle button to enable PCI DSS compliance in Enhance

        webnestify nice one, I added HSTS into the htaccess file yesterday. I do this today and I think I should pass it now.
        Well, it would be very nice to have these options in the Security tab of the Enhance panel to enhance security, let’s say at server level for all kinds of web servers… anyway, it is an empty tab now
        Thank you

          Kosta Would be nice, indeed, but there are way more important things for Enhance to tackle 🙂

            5 days later

            Only 2 vulnerabilities left to be sorted so far: XSS and web server LSE crashing… nearly there…

            webnestify why don’t the settings for TLS 1.2 and 1.3 persist? I tick them, then a couple of days later nothing is ticked…
            I’ve been restarting lse after each change in settings…
            Any guess?

              4 days later

              webnestify only the boxes are not ticked; however, the settings are persistent.. yh

              But I don’t know what to type into the ciphers box… I’ve seen it somewhere and I lost the link; there were like ! symbols with : etc.

              Any sysadmin playing Dota?

                Kosta haven't played in like 8 years lol... I'm currently enjoying supremacy1914. It's like Risk boardgame, but graphical and more detailed resource management.
