EDR: Sensor 'server' cert flagged by Nessus Scan 'Nessus 51192 - SSL Certificate cannot be trusted'

Article ID: 287402

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • A Nessus scan reports 'Nessus 51192 - SSL Certificate cannot be trusted' for the EDR sensor 'server' certificate.

Environment

  • EDR Server: All Supported Versions

Cause

  • Description from Tenable site: 
    • When plugin 51192 - 'SSL Certificate Cannot Be Trusted' is triggered, it is usually because the certificate at the top of the Certificate Chain is signed by an unknown certificate authority. Plugin 51192 will have output similar to "The following certificate was at the top of the certificate chain sent by the remote host, but it is signed by an unknown certificate authority".

Resolution

  • There are no security implications with our sensor 'server' certificate. 
  • The sensor group certificates are signed with the server certificate. EDR uses certificate pinning: during the TLS handshake, before the sensor talks to the server, it compares the certificate presented on the network to the one on disk. They must match, or the connection is dropped.
  • To trust the certificate, we can follow the instructions found here.
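
The pinning check described above, sketched as an added example (this is not Carbon Black's sensor code): a client that accepts the server only when the presented certificate is byte-identical to its on-disk copy, so whether a public CA signed it plays no part in the decision. The function names and the sample byte strings are assumptions made for this illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der: bytes) -> bytes:
    """SHA-256 digest of a DER-encoded certificate."""
    return hashlib.sha256(der).digest()


def pin_matches(presented_der: bytes, pinned_pem: str) -> bool:
    """True only if the presented certificate is the pinned one, byte for byte."""
    pinned_der = ssl.PEM_cert_to_DER_cert(pinned_pem)
    return hmac.compare_digest(fingerprint(presented_der), fingerprint(pinned_der))


def open_pinned(host: str, port: int, pinned_pem: str) -> ssl.SSLSocket:
    """Complete the handshake, then drop the session unless the leaf cert is the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # trust comes from the pinned copy, not a CA chain,
    ctx.verify_mode = ssl.CERT_NONE  # so "signed by an unknown CA" is irrelevant here
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # Compare before any application data is sent over the connection.
    presented = tls.getpeercert(binary_form=True)
    if presented is None or not pin_matches(presented, pinned_pem):
        tls.close()
        raise ssl.SSLError("presented certificate does not match the pinned copy")
    return tls


# Constructed stand-ins for DER bytes (not real certificates), so the
# comparison can be exercised offline without a server.
PINNED_DER = b"constructed-der-bytes-of-the-pinned-server-certificate"
OTHER_DER = b"constructed-der-bytes-of-some-other-certificate"
PINNED_PEM = ssl.DER_cert_to_PEM_cert(PINNED_DER)  # what would sit on disk

if __name__ == "__main__":
    print("pinned cert accepted:", pin_matches(PINNED_DER, PINNED_PEM))
    print("other cert accepted: ", pin_matches(OTHER_DER, PINNED_PEM))
```

A scanner such as Nessus validates the chain against its own CA list, which is a different trust decision from the byte comparison shown here.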