SSL Certificate with Wrong Hostname vulnerability reported


Article ID: 441238


Products

VMware Cloud Director
VMware Live Recovery

Issue/Introduction

A security scan (such as Tenable Nessus) reports the following vulnerability for VMware Cloud Director Availability (VCDA) appliances:

  • Plugin Name: SSL Certificate with Wrong Hostname
  • Description: The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
  • Example Plugin Output: The identities known by the scanner (e.g., IP address or FQDN) do not match the Common Name in the certificate

Environment

VMware Cloud Director Availability 4.7.x

Cause

This finding is typically a configuration observation rather than a direct security vulnerability. It indicates that the SSL certificate identified in the environment has a Common Name (CN) that does not match the server identity (IP address or DNS name) the scanner used to reach the service.

Resolution

To resolve the discrepancy in the security report, the administrator should review and replace the existing SSL certificate with a new one that contains the correct Common Name or Subject Alternative Name (SAN) matching the appliance's identity.
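
A way to confirm, before and after replacing the certificate, which scanner-known identities the certificate covers (added example, not VMware's code; `check_identities` is a hypothetical helper, and the host names and 192.0.2.x addresses are constructed). It goes slightly beyond the scan finding by separating identities covered by a SAN entry from those that match only the CN, since TLS clients that follow RFC 6125 prefer SAN entries.

```python
import ipaddress

def _dns_match(pattern, host):
    """Case-insensitive DNS compare; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Conservative: a wildcard needs at least two fixed labels after it.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def _as_ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def check_identities(cert, identities):
    """Classify each identity as 'san', 'cn-only' or 'mismatch'.

    cert is a dict in the shape returned by ssl.SSLSocket.getpeercert().
    """
    sans = cert.get("subjectAltName", ())
    san_dns = [v for k, v in sans if k == "DNS"]
    san_ips = [_as_ip(v) for k, v in sans if k == "IP Address"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    result = {}
    for ident in identities:
        ip = _as_ip(ident)
        if ip is not None:  # identity is an IP address: compare parsed values
            in_san, in_cn = ip in san_ips, ident in cns
        else:               # identity is a DNS name
            in_san = any(_dns_match(d, ident) for d in san_dns)
            in_cn = any(_dns_match(c, ident) for c in cns)
        result[ident] = "san" if in_san else "cn-only" if in_cn else "mismatch"
    return result

# Constructed sample certificate (hypothetical names, documentation address range).
SAMPLE_CERT = {
    "subject": ((("commonName", "vcda-old.example.com"),),),
    "subjectAltName": (("DNS", "vcda01.example.com"), ("IP Address", "192.0.2.10")),
}

if __name__ == "__main__":
    scanner_ids = ["vcda01.example.com", "192.0.2.10", "vcda-old.example.com", "192.0.2.11"]
    for ident, verdict in check_identities(SAMPLE_CERT, scanner_ids).items():
        print(f"{ident}: {verdict}")
```

The dict can be taken from `ssl.SSLSocket.getpeercert()` on a connection whose context trusts the appliance's issuer and has `check_hostname` set to `False`; without validation `getpeercert()` returns an empty dict. Any identity reported as `mismatch` or `cn-only` is one to include as a SAN in the replacement certificate.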

Additional Information

Managing the VMware Cloud Director Availability SSL certificates