Need help with SSL/TLS Patching

Article ID: 253434

Products

CA Identity Manager

Issue/Introduction

The virtual appliance provisioning server needs its SSL certificates updated and the following weak SSL/TLS vulnerabilities addressed:

  1. SSL Certificate - Self-Signed Certificate
  2. SSL Certificate - Invalid Maximum Validity Date Detected
  3. Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server supports Transport Layer Security (TLSv1.0)
  4. Weak SSL/TLS Key Exchange
  5. HTTP Security Header Not Detected

Environment

Release : 14.2

Resolution

  1. SSL Certificate - Self-Signed Certificate
  2. SSL Certificate - Invalid Maximum Validity Date Detected

These two have to be taken care of by the customer providing their own certificates.

  3. Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server supports Transport Layer Security (TLSv1.0)
  4. Weak SSL/TLS Key Exchange

Yes, changing to TLS 1.2 will take care of these.
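One way to confirm the result after the server has been moved to TLS 1.2, as an added example that is not part of the original article or the product: it attempts one handshake per protocol version and reports any legacy version the server still accepts. The function names are hypothetical, and the host and port passed to `scan` are whatever listener the scan report flagged.

```python
import socket
import ssl
import warnings

# TLS 1.0 and 1.1 should be refused once the server only speaks TLS 1.2.
LEGACY = ("TLSv1", "TLSv1_1")
PROBES = LEGACY + ("TLSv1_2",)

def pinned_context(name):
    """Client context that offers exactly one protocol version (probe only)."""
    version = getattr(ssl.TLSVersion, name)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE      # protocol support is tested here, not trust
    ctx.set_ciphers("ALL:@SECLEVEL=0")   # let the local OpenSSL offer legacy versions
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version    # set minimum first so min <= max always holds
        ctx.maximum_version = version
    return ctx

def probe(host, port, name, timeout=5.0):
    """Return (protocol, cipher) if the handshake succeeds, else None."""
    ctx = pinned_context(name)           # a local build error surfaces here, not as None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version(), tls.cipher()[0]
    except (ssl.SSLError, OSError):
        return None

def assess(results):
    """Turn {version name: probe result} into a list of findings still open."""
    findings = [f"{v} still accepted ({results[v][1]})"
                for v in LEGACY if results.get(v)]
    if not results.get("TLSv1_2"):
        findings.append("TLSv1_2 not accepted: server unreachable or misconfigured")
    return findings

def scan(host, port):
    """Probe every version and return the open findings; an empty list means clean."""
    return assess({name: probe(host, port, name) for name in PROBES})
```

A `None` for a legacy version means the handshake failed, so run the check from a host whose OpenSSL build can still offer TLS 1.0; the cipher printed for an accepted version is the one to review against the key exchange finding.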

  5. HTTP Security Header Not Detected

I am not familiar with the scan tool used, and I am unsure why this message would be present as the IM solution should be currently protected by SSL by the customer.