ESXi Host SSL vulnerability on port 9080

Article ID: 392412

Products

VMware vSphere ESXi

VMware vSphere ESXi 7.0

VMware vSphere ESXi 8.0

Issue/Introduction

A vulnerability scan of the ESXi host reports the finding "Network-Protocol/TLS/TLS Server Cert" on port 9080/TCP.

Environment

VMware vSphere ESXi 7.x

VMware vSphere ESXi 8.x

Cause

The iofiltervp.pem certificate on the host has expired and does not match the host's machine certificate (rui.crt).

Resolution

The following steps were performed to resolve the issue:

    • Renew the I/O filter certificate by performing the steps in KB 318887.

    • Back up the existing iofiltervp.pem file on the ESXi host so that it can be replaced with the contents of rui.crt and rui.key:

      • cd /etc/vmware/ssl
      • mv iofiltervp.pem oldiofiltervp.pem.bak
    • Copy the contents of the host's rui.crt and rui.key files from the following location:

      • /etc/vmware/ssl
    • Add them to a new iofiltervp.pem file using the vi editor:

      • vi iofiltervp.pem
    • Restart the iofilter service with the following command:

      • /etc/init.d/iofiltervpd restart
    • Perform the vulnerability scan on the ESXi host again.
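
A check to run before the rescan, as an added example that is not part of the original KB: it confirms that the rebuilt iofiltervp.pem holds an unexpired certificate identical to rui.crt, together with the private key that belongs to it. The function names and return codes are assumptions of this example, and it assumes the openssl binary is available in the ESXi shell.

```shell
#!/bin/sh
# Added example (not from the KB): sanity-check iofiltervp.pem after rebuilding it.
# Assumes the openssl binary is available in the shell session.

# SHA-256 fingerprint of the first certificate in a PEM file.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# True if the private key in the file belongs to the certificate in the same file.
# A key pasted from a different host fails here even though both blocks parse.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_iofilter_pem <iofiltervp.pem> <rui.crt>
# Returns 0 when every check passes, otherwise a distinct code per failure.
check_iofilter_pem() {
    pem=$1; crt=$2
    [ -r "$pem" ] && [ -r "$crt" ] ||
        { echo "FAIL: cannot read $pem or $crt"; return 2; }
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate in $pem is expired or unparsable"; return 3; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "FAIL: no private key block in $pem"; return 4; }
    key_matches_cert "$pem" ||
        { echo "FAIL: private key does not match certificate in $pem"; return 5; }
    [ "$(cert_fp "$pem")" = "$(cert_fp "$crt")" ] ||
        { echo "FAIL: certificate in $pem differs from $crt"; return 6; }
    echo "OK: $pem is valid and matches $crt"
}

# On the host, after the restart step:
#   check_iofilter_pem /etc/vmware/ssl/iofiltervp.pem /etc/vmware/ssl/rui.crt
```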