After performing an external vulnerability scan, the following vulnerability shows up. It appears to be getting flagged because the IP address of the firewall was changed at some point and there is a mismatch. The firewall that was scanned (i.e., 2.2.2.2) is showing the following in the certificate (i.e., 1.1.1.1) for Subject Alternate Name. This is not causing any issues with VPN tunnels. What is being presented is the Internal CA VPN certificate, and I am wondering if there is an easy fix other than possibly a re-SIC?
X.509 Certificate Subject CN Does Not Match the Entity Name
The subject common name found in the X.509 certificate does not seem to match the scan target:
Subject CN fw-xxxxxxxxxx VPN Certificate does not match target name specified in the site.
Subject CN fw-xxxxxxxxxx VPN Certificate could not be resolved to an IP address via DNS lookup.
Subject Alternative Name x.x.x.x does not match target name specified in the site.
The subject's common name (CN) field in the X.509 certificate should be fixed to reflect the name of the entity presenting the certificate (e.g., the hostname). This is done by generating a new certificate usually signed by a Certification Authority (CA) trusted by both the client and server. If wildcard certificates are in use please submit the FQDN for the host for validation of the wildcard.
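
The name comparison behind this finding, as an added example that is not part of the original post or the scanner's own code: it takes a certificate in the dict form returned by Python's `ssl.SSLSocket.getpeercert()` and lists which names fail to match the scan target. The sample certificate is constructed from the masked stand-in values in the post, the function names are hypothetical, and the scanner's DNS-resolution check is not reproduced.

```python
import ipaddress

# Constructed sample in the dict shape of ssl.SSLSocket.getpeercert(),
# using the masked stand-in values from the post (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "fw-xxxxxxxxxx VPN Certificate"),),),
    "subjectAltName": (("IP Address", "1.1.1.1"),),
}

def _as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def name_matches(name, target):
    """Compare one certificate name with the scan target (IP or hostname)."""
    a, b = _as_ip(name), _as_ip(target)
    if a is not None or b is not None:
        return a is not None and a == b      # IPs only match IPs, exactly
    p, h = name.lower().rstrip("."), target.lower().rstrip(".")
    if p.startswith("*."):                   # wildcard covers one left-most label
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check_target(cert, target):
    """Return (matched, mismatches): matched is True if any name fits the target."""
    names = [("Subject CN", value)
             for rdn in cert.get("subject", ())
             for key, value in rdn if key == "commonName"]
    names += [("Subject Alternative Name", value)
              for _kind, value in cert.get("subjectAltName", ())]
    mismatches = [f"{label} {value} does not match target {target}"
                  for label, value in names
                  if not name_matches(value, target)]
    return len(mismatches) < len(names), mismatches

if __name__ == "__main__":
    for target in ("2.2.2.2", "1.1.1.1"):    # current address, then the old one
        matched, problems = check_target(SAMPLE_CERT, target)
        print(target, "OK" if matched else "FLAGGED")
        for line in problems:
            print("  ", line)
```

Against a live gateway, `getpeercert()` returns an empty dict unless the handshake validated the certificate, so the internal CA certificate has to be loaded into the `SSLContext` first.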