Vulnerability Scanner shows Self-Signed certificates being used for Endpoint Agents with CA-Signed Certificates



Article ID: 419639


Updated On:

Products

Data Loss Prevention Endpoint Discover
Data Loss Prevention Endpoint Prevent
Data Loss Prevention

Issue/Introduction

When running a vulnerability scan, it flags your Endpoint Servers or endpoint agents, even those configured with CA-signed certificates, as vulnerable because they are using self-signed certificates on port 10443.

Environment

DLP 25.1

Cause

The agents use Self-Signed Certificates to communicate with the Endpoint Server on port 10443.

Resolution

While it is possible to CA-sign the endpoint certificates in DLP 25.1, the product nests these certificates inside the self-signed ones.
- You can therefore use CA-signed certificates if desired.
- The important note is that the standard self-signed certificates still protect the connection first, before the traffic is handed to the CA-signed certificates.
- This means that even with CA-signed certificates in use, a vulnerability scanner will still flag the communication as using self-signed certificates, because those certificates remain in use alongside the CA-signed ones.
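The scanner's finding can be confirmed from your own side: the certificate presented in the outer TLS handshake on port 10443 is what a scanner sees, and a scanner reports "self-signed" when that certificate's issuer equals its subject. The following is an added example, not code from the Broadcom article or the DLP product; it fetches the presented leaf certificate with Python's standard ssl module and checks issuer against subject with a small DER walker. The hostname is a placeholder, the port is the one named in the article, and the certificates used for the offline demonstration are constructed skeletons.

```python
"""Added example (not part of the Broadcom KB article or the DLP product):
report which certificate a TLS listener presents and whether it is
self-issued (issuer == subject), the condition scanners report as
"self-signed". A CA-signed certificate nested inside that session is not
visible in the outer handshake, so for DLP 25.1 the finding is expected."""
import ssl

ENDPOINT_PORT = 10443                      # port named in the article
CN_OID = b"\x06\x03\x55\x04\x03"           # DER encoding of id-at-commonName (2.5.4.3)


def der_tlv(buf, pos):
    """Read one DER tag-length-value at pos.
    Returns (tag, value_start, value_end, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next (length & 0x7F) bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length, pos + length


def extract_names(cert_der):
    """Return (issuer, subject) Name values of a DER X.509 certificate,
    following the tbsCertificate field order of RFC 5280."""
    _, tbs_start, _, _ = der_tlv(cert_der, 0)          # Certificate SEQUENCE
    _, pos, _, _ = der_tlv(cert_der, tbs_start)        # tbsCertificate SEQUENCE
    tag, _, _, nxt = der_tlv(cert_der, pos)
    if tag == 0xA0:                                    # optional [0] EXPLICIT version
        pos = nxt
    _, _, _, pos = der_tlv(cert_der, pos)              # serialNumber
    _, _, _, pos = der_tlv(cert_der, pos)              # signature AlgorithmIdentifier
    _, i_start, i_end, pos = der_tlv(cert_der, pos)    # issuer Name
    _, _, _, pos = der_tlv(cert_der, pos)              # validity
    _, s_start, s_end, _ = der_tlv(cert_der, pos)      # subject Name
    return cert_der[i_start:i_end], cert_der[s_start:s_end]


def common_name(name_value):
    """Pull commonName out of a DER Name value (SEQUENCE OF SET OF AttributeTypeAndValue)."""
    pos = 0
    while pos < len(name_value):
        _, set_start, _, pos = der_tlv(name_value, pos)          # RelativeDistinguishedName SET
        _, seq_start, _, _ = der_tlv(name_value, set_start)      # AttributeTypeAndValue SEQUENCE
        _, _, oid_end, val_pos = der_tlv(name_value, seq_start)  # AttributeType OID
        if name_value[seq_start:oid_end] == CN_OID:
            _, v_start, v_end, _ = der_tlv(name_value, val_pos)  # AttributeValue string
            return name_value[v_start:v_end].decode("utf-8", "replace")
    return None


def is_self_issued(cert_der):
    issuer, subject = extract_names(cert_der)
    return issuer == subject


def describe(cert_der):
    issuer, subject = extract_names(cert_der)
    return {"issuer_cn": common_name(issuer), "subject_cn": common_name(subject),
            "self_signed": issuer == subject}


def fetch_presented_cert(host, port=ENDPOINT_PORT):
    """Fetch the leaf certificate the listener presents in the outer TLS handshake.
    No validation is performed, so a self-signed leaf is returned rather than rejected;
    this is the same view a vulnerability scanner gets."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


# --- constructed test material (no real key or signature) ------------------
def tlv(tag, value):
    n = len(value)
    if n < 0x80:
        head = bytes([tag, n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([tag, 0x80 | len(lb)]) + lb
    return head + value


def name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, CN_OID + tlv(0x0C, cn.encode()))))


def fake_cert(issuer_cn, subject_cn):
    """Unsigned certificate skeleton with the real tbsCertificate field order,
    enough for the parser above; constructed for offline use only."""
    tbs = tlv(0x30, b"".join([
        tlv(0xA0, tlv(0x02, b"\x02")),                 # [0] version v3
        tlv(0x02, b"\x01"),                            # serialNumber
        tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b")),  # sha256WithRSAEncryption
        name(issuer_cn),
        tlv(0x30, tlv(0x17, b"250101000000Z") + tlv(0x17, b"260101000000Z")),  # validity
        name(subject_cn),
        tlv(0x30, b""),                                # subjectPublicKeyInfo placeholder
    ]))
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))   # dummy sigalg + signature


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                     # python check_cert.py <endpoint-server-host>
        print(describe(fetch_presented_cert(sys.argv[1])))
    else:                                     # offline demonstration on constructed certificates
        print(describe(fake_cert("DLP Endpoint Server", "DLP Endpoint Server")))
        print(describe(fake_cert("Corp Issuing CA", "endpoint-server.example.invalid")))
```

Run it with the Endpoint Server hostname as the only argument to see the outer certificate's issuer and subject; a result with `self_signed: True` on 10443 matches the 25.1 behaviour described above and is not by itself evidence that the CA-signed certificate configuration failed.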

Additional Information

The indentation below shows the nesting of the layers: the outer self-signed layer wraps the CA-signed layer, which in turn wraps the traffic.

Current Traffic (25.1):
     Self-Signed
          CA-Signed
               TRAFFIC
          CA-Signed
     Self-Signed

Previous Traffic (older):
     Self-Signed
          TRAFFIC
     Self-Signed