Vulnerability scan report for vCenter flags "Plugin ID 51192 SSL Certificate Cannot be Trusted"

Plugin 51192 will have output similar to "The following certificate was at the top of the certificate chain sent by the remote host, but it is signed by an unknown certificate authority"

vCenter Server 8.x

It is because the certificate at the top of the Certificate Chain is signed by a 3rd party external certificate authority, and this Certificate Authority is unknown to the scan tool (Nessus, Qualys, or similar).

This issue does not indicate a security flaw or misconfiguration in the vCenter Server appliance. To resolve or suppress the alert:

Whitelist Port TCP/3128 in the vulnerability management platform.

Coordinate with the security team or Certificate Authority (CA) to ensure this port is excluded from external certificate validation checks.

This alert is a false positive triggered by automated vulnerability scanners if external CA is used.