Untrusted TLS/SSL server X.509 certificate

shiboo_suren · ‎2020-03-06

When a Vulnerability scanner is run in a network then it shows this vulnerability for firewall.

Untrusted TLS/SSL server X.509 certificate.

Description:

The server's TLS/SSL certificate is signed by a Certification Authority (CA) that is not well-known or trusted. This could happen if: the chain/intermediate certificate is missing, expired or has been revoked; the server hostname does not match that configured in the certificate; the time/date is incorrect; or a self-signed certificate is being used. The use of a self-signed certificate is not recommended since it could indicate that a TLS/SSL man-in-the-middle attack is taking place

PhoneBoy · ‎2020-03-06

This isn't really a vulnerability so much as it's an FYI.
By default, the Gaia WebUI uses a self-signed certificate.
This is normal and expected.
You can change the certificate to one signed by a trusted CA if you wish.

mithunsasi88 · ‎2023-11-01

Hello , can you please share the steps to generate CSR file and install the cert file shared by CA for the Gaia WebUI

PhoneBoy · ‎2023-11-01

To generate the CSR, use the commands here: https://support.checkpoint.com/results/sk/sk69660
To install it: https://support.checkpoint.com/results/sk/sk97648

mithunsasi88 · ‎2023-11-02

Thank you 🙂

Are you a member of CheckMates?

Untrusted TLS/SSL server X.509 certificate