topic Re: Untrusted TLS/SSL server X.509 certificate in General Topics

Untrusted TLS/SSL server X.509 certificate

shiboo_suren — Fri, 06 Mar 2020 18:26:14 GMT

When a Vulnerability scanner is run in a network then it shows this vulnerability for firewall.

Untrusted TLS/SSL server X.509 certificate.

Description:

The server's TLS/SSL certificate is signed by a Certification Authority (CA) that is not well-known or trusted. This could happen if: the chain/intermediate certificate is missing, expired or has been revoked; the server hostname does not match that configured in the certificate; the time/date is incorrect; or a self-signed certificate is being used. The use of a self-signed certificate is not recommended since it could indicate that a TLS/SSL man-in-the-middle attack is taking place

Re: Untrusted TLS/SSL server X.509 certificate

PhoneBoy — Sat, 07 Mar 2020 00:25:19 GMT

This isn't really a vulnerability so much as it's an FYI.
By default, the Gaia WebUI uses a self-signed certificate.
This is normal and expected.
You can change the certificate to one signed by a trusted CA if you wish.

Re: Untrusted TLS/SSL server X.509 certificate

mithunsasi88 — Wed, 01 Nov 2023 10:28:53 GMT

Hello , can you please share the steps to generate CSR file and install the cert file shared by CA for the Gaia WebUI

Re: Untrusted TLS/SSL server X.509 certificate

PhoneBoy — Wed, 01 Nov 2023 18:05:10 GMT

To generate the CSR, use the commands here: https://support.checkpoint.com/results/sk/sk69660
To install it: https://support.checkpoint.com/results/sk/sk97648

Re: Untrusted TLS/SSL server X.509 certificate

mithunsasi88 — Thu, 02 Nov 2023 12:40:41 GMT

Thank you 🙂