ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Vulnerability scan or web browser reports Messaging Gateway Control Center certificate as invalid

book

Article ID: 169948

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

When running vulnerability scans against the Messaging Gateway (SMG) Control Center or connecting to it with a web browser the server TLS certificate is reported as invalid and the communication not secure.

Cause

Messaging Gateway ships with a default self-signed demo certificate which contains no Subject Alternative Names (SAN) which are required for hostname validation and which is not signed by a third party certificate authority.

Resolution

The demo certificate is for demonstration purposes only and intended to be replaced in a secure production environment by a third party signed certificate.

Note: Creating a Certificate Signing Request (CSR) in the SMG Control Center Administration > Certificates page does not currently allow the addition of subject alternative names to the CSR. It is recommended that the CSR be generated outside of the SMG Control Center Gui and then the signed certificate and private key be imported as described in Importing a Certificate Authority signed certificate.

Attachments