Hi Syed,
May I know the feature request?
So for my Tenable VA scan of my gateway, there is no workaround?
Even though I have replaced the certificate with a CA-signed one, it will still be flagged as "SSL certificate cannot be trusted"?
------------------------------
Agustin Cudiamat
Field Engineer
Singapore
------------------------------
Original Message:
Sent: 07-09-2024 23:52
From: Syed Noor Fazal
Subject: Imperva DAM Gateway SSL certificate still being flagged by VA
Hello Agustin,
Thank you for the post. You are inquiring about the self-signed certificate vulnerability on port 443 for the DAM GW.
The DAM GW can only be accessed through the CLI. The Gateway generates its own certificate each time it restarts; this certificate is required for MX and GW communication.
This certificate is for the management interface of the gateway and it is not accessible by external users, hence there should be no impact.
The TCP listener on port 443 at the gateway, where this vulnerability has been identified, is for communication from the Management server to the gateway only. Since the gateway only registers with one management server, no other machine can communicate with the gateway on this port.
Also, we have raised a feature request, and it will be implemented in a future release.
------------------------------
Syed Noor Fazal
Product Support Engineer
Original Message:
Sent: 07-09-2024 22:48
From: Agustin Cudiamat
Subject: Imperva DAM Gateway SSL certificate still being flagged by VA
Hi,
I did a VA scan with Nessus and it is flagging my DAM gateway with "SSL Certificate cannot be trusted".
I have done the CA signing on my side, replaced the files below, and renamed them to the original names.
/opt/SecureSphere/etc/key.pem
/opt/SecureSphere/etc/gw_self_signed_cert.crt
After that, I did an impctl restart, but it is still being flagged. Are there any solutions or additional steps that I missed?
#DAM
#ssl
#Certificates
#DatabaseActivityMonitoring
------------------------------
Agustin Cudiamat
Field Engineer
Singapore
------------------------------
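
Added example, not part of the thread and not Imperva code: a Python check that compares the SHA-256 fingerprint of the certificate file installed on disk with the one the port 443 listener actually presents, which shows whether the replaced file survived the restart. The helper names, the constructed sample payloads and the host `gateway.example` are assumptions; the file path is the one quoted in the thread.

```python
import base64
import hashlib
import re
import ssl

# Matches one PEM certificate block; a chain file lists the leaf first.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def leaf_fingerprint(pem_text):
    """SHA-256 (hex) of the first certificate found in a PEM string."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.sha256(der).hexdigest()


def fetch_served_pem(host, port=443):
    """Certificate presented by the listener, fetched without validation."""
    return ssl.get_server_certificate((host, port))


def compare(installed_pem, served_pem):
    """Report both fingerprints and whether the listener serves the installed file."""
    installed = leaf_fingerprint(installed_pem)
    served = leaf_fingerprint(served_pem)
    return {"installed": installed, "served": served,
            "match": installed == served}


def constructed_pem(payload):
    """Constructed stand-in: PEM framing around arbitrary bytes, not a real certificate."""
    body = base64.encodebytes(payload).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    # Offline demonstration with constructed data (assumption, not gateway output).
    on_disk = constructed_pem(b"constructed CA-signed certificate")
    on_wire = constructed_pem(b"constructed certificate generated at restart")
    print(compare(on_disk, on_wire))
    # Against a real gateway (hypothetical host name), run from the MX or scanner side:
    #   with open("/opt/SecureSphere/etc/gw_self_signed_cert.crt") as fh:
    #       print(compare(fh.read(), fetch_served_pem("gateway.example")))
```

A `match` of `False` after a restart means the listener is not serving the installed file, which is consistent with the support reply that the gateway generates its own certificate each time it restarts.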