EDR: Sensor 'server' cert flagged by Nessus Scan 'Nessus 51192 - SSL Certificate cannot be trusted'
book
Article ID: 287402
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Receiving 'Nessus 51192 - SSL Certificate cannot be trusted' from Nessus Scan'
Environment
EDR Server: All Supported Versions
Cause
Description from Tenable site:
When plugin 51192 - 'SSL Certificate Cannot Be Trusted' is triggered, it is usually because the certificate at the top of the Certificate Chain is signed by an unknown certificate authority. Plugin 51192 it will have output similar to "The following certificate was at the top of the certificate chain sent by the remote host, but it is signed by an unknown certificate authority"
Resolution
There are no security implications with our sensor 'server' certificate.
The sensor group certificates are signed with the server certificate. EDR uses certificate pinning, meaning: before the sensor talks to the server, during the TLS handshake, it compares the certificate shown on the network to the one on the disk. They have to match or the communications are disconnected.
To trust the certificate, we can follow the instructions found here.