Threat Analytics X.509 Certificate Subject CN does not match the Entity Name (certificate-common-name-mismatch)
Article ID: 209640

Products

CA Threat Analytics for PAM

Issue/Introduction

A vulnerability scan of the Threat Analytics appliance reported that its certificate has "CN=$HOSTNAME":

Port: 443/tcp, 3000/tcp, 8443/tcp | CN: $HOSTNAME

X.509 Certificate Subject CN Does Not Match the Entity Name (certificate-common-name-mismatch)

Cause

By default, TAP (Threat Analytics for PAM) ships with a default (self-signed) certificate that has "CN=$HOSTNAME":

CN = $HOSTNAME
OU = Engineering
O = CA Technologies
L = New York
S = New York
C = US

The certificate is required so that TAP can be shipped with HTTPS enabled.

Resolution

After deploying TAP, install a proper certificate. Use the "Create a Java Key Store File" section of the documentation to create a JKS file.

Follow the documented steps to create the JKS file and upload it to the TAP server.

Then restart both "Threat Analytics Engine" and "Threat Analytics Admin App" (a reboot may be required).

Run the vulnerability scan against ports 443, 3000 and 8443 again.
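
One way to confirm what each port serves before re-running the scan, as an added example that is not part of the original article or the product documentation. It uses the standard `openssl` CLI; the function names, the script name and the host name `tap.example.internal` are assumptions, and the sample certificate generator is constructed for offline testing.

```shell
# Added example. tap.example.internal is an assumed appliance name; substitute your own.

# cert_cn PEM_FILE: print the Subject CN of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline \
        | sed -n 's/^ *commonName *= //p'
}

# cert_matches_host PEM_FILE HOST: succeed only if the certificate is valid for HOST.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q "does match certificate"
}

# fetch_cert HOST PORT OUT_FILE: save the leaf certificate served on HOST:PORT.
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM -out "$3" 2>/dev/null
}

# check_appliance HOST: test the three ports named in the scan finding.
check_appliance() {
    local host=$1 port pem failures=0
    pem=$(mktemp)
    for port in 443 3000 8443; do
        if ! fetch_cert "$host" "$port" "$pem"; then
            echo "$port/tcp: no certificate retrieved"; failures=$((failures + 1))
        elif cert_matches_host "$pem" "$host"; then
            echo "$port/tcp: OK (CN=$(cert_cn "$pem"))"
        else
            echo "$port/tcp: MISMATCH (CN=$(cert_cn "$pem"))"; failures=$((failures + 1))
        fi
    done
    rm -f "$pem"
    [ "$failures" -eq 0 ]
}

# make_sample_cert CN OUT_FILE: constructed self-signed certificate for offline testing.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# Live check (assumed script name): sh check_tap_cert.sh --live tap.example.internal
if [ "${1:-}" = "--live" ]; then check_appliance "$2"; fi
```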