Raj_Khatri
Advisor

Internal CA VPN certificate

After performing an external vulnerability scan, the following vulnerability shows up. It appears to be getting flagged because the IP address of the firewall was changed at some point and there is a mismatch. The firewall that was scanned (i.e., 2.2.2.2) is showing the following in the certificate (i.e., 1.1.1.1) for Subject Alternate Name. This is not causing any issues with VPN tunnels. What is being presented is the Internal CA VPN certificate, and I am wondering if there is an easy fix other than possibly a re-SIC?


X.509 Certificate Subject CN Does Not Match the Entity Name


The subject common name found in the X.509 certificate does not seem to match the scan target:
Subject CN fw-xxxxxxxxxx VPN Certificate does not match target name specified in the site.
Subject CN fw-xxxxxxxxxx VPN Certificate could not be resolved to an IP address via DNS lookup.
Subject Alternative Name x.x.x.x does not match target name specified in the site.

The subject's common name (CN) field in the X.509 certificate should be fixed to reflect the name of the entity presenting the certificate (e.g., the hostname). This is done by generating a new certificate usually signed by a Certification Authority (CA) trusted by both the client and server. If wildcard certificates are in use please submit the FQDN for the host for validation of the wildcard.

 

0 Kudos
1 Reply
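The name comparison behind this finding, as an added example that is not part of the original post, the scanner's own logic, or any Check Point tooling: it approximates the CN and Subject Alternative Name checks so a re-issued certificate can be confirmed against the scanned address. The certificate is a constructed dictionary in the shape Python's `ssl.SSLSocket.getpeercert()` returns, its values mirror the post's placeholders, and `check_names` and its helpers are hypothetical names.

```python
import ipaddress

# Constructed sample, shaped like ssl.SSLSocket.getpeercert() output;
# values mirror the placeholders used in the post.
SAMPLE_CERT = {
    "subject": ((("commonName", "fw-xxxxxxxxxx VPN Certificate"),),),
    "subjectAltName": (("IP Address", "1.1.1.1"),),
}

def _as_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check_names(cert, target):
    """Hypothetical helper: return (matched, mismatches) for one scan target."""
    target_ip = _as_ip(target)
    matched, mismatches = False, []
    # The CN is treated as a host name; SAN entries keep their declared type.
    names = [("Subject CN", "DNS", v)
             for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names += [("Subject Alternative Name", kind, v)
              for kind, v in cert.get("subjectAltName", ())]
    for label, kind, value in names:
        if kind == "IP Address":
            ok = target_ip is not None and _as_ip(value) == target_ip
        elif kind == "DNS":
            ok = target_ip is None and _dns_match(value, target)
        else:
            ok = False  # other SAN types (URI, email) are not compared
        if ok:
            matched = True
        else:
            mismatches.append(f"{label} {value}")
    return matched, mismatches

if __name__ == "__main__":
    for target in ("2.2.2.2", "1.1.1.1"):  # scanned address, then the old one
        print(target, check_names(SAMPLE_CERT, target))
```

An empty `matched` result for the scanned address corresponds to the finding above; a certificate whose Subject Alternative Name carries the current address returns `matched` as true even though the CN itself still does not resolve.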