Hello,
On all servers just built, I am receiving this report from the Security team:
Asset Names, Asset IP Address, Service Port, Vulnerability ID, Vulnerability CVE IDs, Vulnerability Age, Vulnerability Risk Score, Exploit Minimum Skill, Exploit Count, Vulnerability Severity Level, Vulnerability Title, Vulnerability Description, Asset OS Name, Vulnerability Solution, Vulnerability Proof, Vulnerability CVSS Score, Vulnerability CVSSv3 Score, Asset Owner, Custom Tag

VSPRES01 10.12.176.158 3389 tls-untrusted-ca 8 Days 697 0 6
Untrusted TLS/SSL server X.509 certificate
The server's TLS/SSL certificate is signed by a Certification Authority (CA) that is not well-known or trusted. This could happen if: the chain/intermediate certificate is missing, expired or has been revoked; the server hostname does not match that configured in the certificate; the time/date is incorrect; or a self-signed certificate is being used. The use of a self-signed certificate is not recommended since it could indicate that a TLS/SSL man-in-the-middle attack is taking place
Microsoft Windows Server 2016 Standard Edition
"Obtain a new certificate from your CA and ensure the server configuration is correct Ensure the common name (CN) reflects the name of the entity presenting the certificate (e.g., the hostname). If the certificate(s) or any of the chain certificate(s) have expired or been revoked, obtain a new certificate from your Certificate Authority (CA) by following their documentation. If a self-signed certificate is being used, consider obtaining a signed certificate from a CA.
References: Mozilla: Connection Untrusted Error (https://support.mozilla.org/en-US/kb/connection-untrusted-error-message) SSLShopper: SSL Certificate Not Trusted Error (https://www.sslshopper.com/ssl-certificate-not-trusted-error.html) Windows/IIS certificate chain config (https://support.microsoft.com/en-us/kb/954755) Apache SSL config (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html) Nginx SSL config (http://nginx.org/en/docs/http/configuring_https_servers.html) CertificateChain.io (https://certificatechain.io/)"
TLS/SSL certificate signed by unknown, untrusted CA: CN=VSPRES01.ad -- [Path does not chain with any of the trust anchors].
5.8 0 CiscoAMP,STATS-Internal,Sophos,Windows Server

VSPRES02 10.12.176.159 3389 tls-untrusted-ca 8 Days 697 0 6
Untrusted TLS/SSL server X.509 certificate
The server's TLS/SSL certificate is signed by a Certification Authority (CA) that is not well-known or trusted. This could happen if: the chain/intermediate certificate is missing, expired or has been revoked; the server hostname does not match that configured in the certificate; the time/date is incorrect; or a self-signed certificate is being used. The use of a self-signed certificate is not recommended since it could indicate that a TLS/SSL man-in-the-middle attack is taking place
Microsoft Windows Server 2016 Standard Edition
"Obtain a new certificate from your CA and ensure the server configuration is correct Ensure the common name (CN) reflects the name of the entity presenting the certificate (e.g., the hostname). If the certificate(s) or any of the chain certificate(s) have expired or been revoked, obtain a new certificate from your Certificate Authority (CA) by following their documentation. If a self-signed certificate is being used, consider obtaining a signed certificate from a CA.
References: Mozilla: Connection Untrusted Error (https://support.mozilla.org/en-US/kb/connection-untrusted-error-message) SSLShopper: SSL Certificate Not Trusted Error (https://www.sslshopper.com/ssl-certificate-not-trusted-error.html) Windows/IIS certificate chain config (https://support.microsoft.com/en-us/kb/954755) Apache SSL config (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html) Nginx SSL config (http://nginx.org/en/docs/http/configuring_https_servers.html) CertificateChain.io (https://certificatechain.io/)"
TLS/SSL certificate signed by unknown, untrusted CA: CN=VSPRES02.ad -- [Path does not chain with any of the trust anchors].
5.8 0 CiscoAMP,STATS-Internal,Sophos,Windows Server

1. What is the name of the certificate I am looking for?
2. Where is the certificate located?
3. What is the resolution to apply on this certificate?
Thanks,
Dom
Security / System Center Configuration Manager Current Branch / SQL