• SSL Certificate - Signature Verification Failed Vulnerability" on all NCM AS and RA servers, though certificate is valid
• Steps to determine whether Smarts NCM is using the default certificate or third-party certificate for SSL. 
  
  

NCM 10.1.x / 24.3.x

• Remediation is to install a server certificate signed by a trusted third-party Certificate Authority. 
• The Network Configuration Manager provides the ability to install the Network Configuration Manager root CA certificate on client machines, which is required for accessing the API over an SSL connection. 
• Refer Certificates  section in NCM installation guide for steps to install root CA certificate.  
• The Network Configuration Manager root CA certificate is located on the Application or Combination server at [Product Directory]/conf/CA/voyenceca.crt.
• To determine which certificate file is being used in the environment, do the following:
  1. Run the following commands to print the voyenceca.crt certificate file:

     $VOYENCE_HOME/conf/CA> source /etc/voyence.conf

     $VOYENCE_HOME/conf/CA> $JAVA_HOME/bin/keytool -printcert -v -file voyenceca.crt

  2. Find the Certificate Name (CN). If MASTERKEY is the CN, the environment is using the default Smarts NCM certificate. Any other value for CN indicates the environment is using a third party certificate.