“Port 8443 SSL Certificate Cannot Be Trusted”
a. A vulnerability scanner determined that the SSL certificate on CA PAM port 8443 cannot be trusted.
b. The issue can be reproduced by accessing https://CAPAM_IP:8443/
Cluster Deployment Requirements - The following ports must be open for cluster deployment.
Clustered appliance: Within a site, these ports are required: TCP/443, 8443 (HTTPS); TCP/3307, 13307 (MySQL); TCP/5900 (Hazelcast); TCP/7900 (JGroups); TCP/7901 (JGroups heartbeat). Between sites, only 443, 8443, and 3307 are required. For external user access, only 443 is required. (For a standalone appliance, only TCP/443 is necessary.)
Port 8443 is used internally for communication between the clustered nodes. It uses a self-signed certificate, which cannot be externally trusted like other SSL certificates. Because the port is accessible from anywhere, this certificate is visible during a vulnerability scan.
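To see from which vantage point 8443 and the other cluster ports are actually reachable, scan results can be compared against the port list above. The following is an added example, not part of the original article or the product: it parses nmap grepable (`-oG`) output and reports open ports beyond those the list requires for that vantage point. The zone names, function names and sample scan lines are constructed for illustration.

```python
import re

# Ports required per vantage point, taken from the list in this article.
REQUIRED = {
    "intra_site": {443, 8443, 3307, 13307, 5900, 7900, 7901},
    "inter_site": {443, 8443, 3307},
    "external": {443},
}

# Matches only ports nmap reports as open over TCP, e.g. "8443/open/tcp//https-alt///".
PORT_RE = re.compile(r"\b(\d+)/open/tcp")


def open_ports(grepable: str) -> dict:
    """Return {host: set of open TCP ports} parsed from nmap -oG output."""
    hosts = {}
    for line in grepable.splitlines():
        # Skip comment lines and "Status:" lines that carry no port data.
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports = {int(p) for p in PORT_RE.findall(line.split("Ports:", 1)[1])}
        hosts.setdefault(host, set()).update(ports)
    return hosts


def audit(zone: str, grepable: str) -> dict:
    """Return {host: sorted open ports not required from this zone}."""
    allowed = REQUIRED[zone]
    findings = {}
    for host, ports in open_ports(grepable).items():
        extra = ports - allowed
        if extra:
            findings[host] = sorted(extra)
    return findings


# Constructed sample: a scan run from an external user network (documentation IPs).
SAMPLE_EXTERNAL = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 443/open/tcp//https///, "
    "8443/open/tcp//https-alt///, 3307/filtered/tcp/////\n"
    "Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https///\n"
)

if __name__ == "__main__":
    for host, extra in audit("external", SAMPLE_EXTERNAL).items():
        print(f"{host}: reachable but not required from external: {extra}")
```
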
Release: 3.2.x, 3.3.1, 3.3.2, 3.3.3
Component: PRIVILEGED ACCESS MANAGEMENT
This is a known issue, fixed in the 3.4 release of the product.