Control Compliance Suite Vulnerability Manager - CCS VM, untrusted TLS/SSL server X.509 certificate: Servers reporting: Untrusted TLS/SSL server X.509 certificate (False Positive).


Article ID: 156997

Products

Control Compliance Suite Vulnerability Manager

Issue/Introduction

False positive

Untrusted TLS/SSL server X.509 certificate: Servers reporting: Untrusted TLS/SSL server X.509 certificate (False Positive)

Cause

CA root certificates not tracked by CCS-VM

The default Nexpose Java keystore does not trust the GoDaddy and Entrust CAs as root CAs, so server certificates that chain to those roots are reported as untrusted.

Resolution

The short-term fix is to exclude these findings as false positives.
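One way to confirm that a finding matches this cause before excluding it, as an added example that is not part of the original article or of either product: parse a `keytool -list -v` listing of the scanner's keystore and check whether the root of the flagged server's chain is among its trust anchors. The function names are hypothetical, the listing and fingerprints are constructed and shortened, and the root fingerprint is assumed to have been obtained separately from the server's certificate chain.

```python
import re

# Constructed sample of `keytool -list -v` output. Aliases, DNs and the
# shortened fingerprints are made up; real SHA-256 fingerprints are 32 bytes.
SAMPLE_LISTING = """\
Alias name: exampleroot1
Entry type: trustedCertEntry

Owner: CN=Example Root CA 1, O=Example Trust, C=US
Issuer: CN=Example Root CA 1, O=Example Trust, C=US
Certificate fingerprints:
\t SHA1: 11:11:11:11
\t SHA256: AA:AA:AA:01

Alias name: scannerkey
Entry type: PrivateKeyEntry

Owner: CN=scanner.example.internal
Issuer: CN=scanner.example.internal
Certificate fingerprints:
\t SHA256: CC:CC:CC:03
"""


def normalize(fp):
    """Compare fingerprints without separators and case differences."""
    return fp.replace(":", "").upper()


def trusted_roots(listing):
    """Map SHA-256 fingerprint -> owner DN for every trustedCertEntry."""
    roots = {}
    for entry in re.split(r"(?m)^(?=Alias name:)", listing):
        if "Entry type: trustedCertEntry" not in entry:
            continue  # private-key entries are not trust anchors
        owner = re.search(r"(?m)^Owner: (.+)$", entry)
        sha256 = re.search(r"(?m)^\s*SHA256: ([0-9A-Fa-f:]+)\s*$", entry)
        if owner and sha256:
            roots[normalize(sha256.group(1))] = owner.group(1).strip()
    return roots


def classify(root_fp, listing):
    """Classify an 'untrusted certificate' finding by its chain's root."""
    if normalize(root_fp) in trusted_roots(listing):
        return "root-present"  # keystore gap is not the cause; look further
    return "root-missing"      # consistent with the cause described above
```

A `root-missing` result only shows that the scanner's keystore lacks the root; the exclusion is justified only if that root is one the organization actually trusts.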

 

Rapid7 is in the process of generating an enhancement request to work around this issue by allowing customers to add/import arbitrary trusted Certificate Authorities (CAs) to the Nexpose store. The enhancement request ticket number is RFE IS-4485.


Applies To

Windows 2008 R2 Standard 64 bit