Imperva Cyber Community

  • 1.  Imperva DAM Gateway SSL certificate still being flagged by VA

    Posted 7 days ago

    Hi,

    I did a VA scan from Nessus and it is flagging that my DAM gateway SSL certificate cannot be trusted.

    I have done the CA signing from my side, replaced the following files below and renamed them to the original names.

    /opt/SecureSphere/etc/key.pem
    /opt/SecureSphere/etc/gw_self_signed_cert.crt

    After that, I did an impctl restart but it is still flagging. Are there any solutions or additional steps that I missed?

    #DAM

    #ssl

    #Certificates


    #DatabaseActivityMonitoring

    ------------------------------
    Agustin Cudiamat
    Field Engineer
    Singapore
    ------------------------------


  • 2.  RE: Imperva DAM Gateway SSL certificate still being flagged by VA

    Posted 7 days ago

    Hello Agustin,

    Thank you for the post. You are inquiring about the self-signed certificate vulnerability on port 443 for the DAM GW.

    The DAM GW can only be accessed through the CLI. The Gateway generates its own certificate each time it restarts; this certificate is required for MX and GW communication.
    This certificate is for the management interface of the gateway and it is not accessible by external users, hence there should be no impact.

    The TCP listener on port 443 at the gateway, where this vulnerability has been identified, is for communication from the Management server to the gateway only. Since the gateway only registers with one management server, no other machine can communicate with the gateway on this port.

    Also, we have a feature request raised and it will be implemented in a future release.



    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------



  • 3.  RE: Imperva DAM Gateway SSL certificate still being flagged by VA

    Posted 6 days ago

    Hi Syed,

    May I know the feature request?

    So for my Tenable VA scan of my gateway, there is no workaround?

    Even though I have replaced the certificate with a CA-signed one, will it still flag as SSL certificate cannot be trusted?



    ------------------------------
    Agustin Cudiamat
    Field Engineer
    Singapore
    ------------------------------
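
Added example, not part of the thread and not Imperva tooling: reply 2 says the gateway generates its own certificate each time it restarts, so one way to see which certificate the port 443 listener actually presents is to compare its SHA-256 fingerprint with the file that was replaced on disk. The function names and the sample PEM data are constructed for illustration; the host and certificate path are passed on the command line.

```python
import base64
import hashlib
import re
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def first_cert_der(pem_text):
    """Return the DER bytes of the first certificate block in a PEM string."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()))

def fingerprint(pem_text):
    """SHA-256 fingerprint (hex) of the first certificate in pem_text."""
    return hashlib.sha256(first_cert_der(pem_text)).hexdigest()

def compare(disk_pem, served_pem):
    """Report whether the listener presents the certificate stored on disk."""
    disk, served = fingerprint(disk_pem), fingerprint(served_pem)
    return {"disk": disk, "served": served, "match": disk == served}

def _constructed_pem(payload):
    # Constructed sample: arbitrary bytes in PEM armour, not a real certificate.
    body = base64.encodebytes(payload).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

SAMPLE_DISK = _constructed_pem(b"constructed CA-signed certificate bytes")
SAMPLE_SERVED = _constructed_pem(b"constructed regenerated self-signed bytes")

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Arguments: <gateway host> <path to the certificate file on disk>
        with open(sys.argv[2]) as fh:
            disk_pem = fh.read()
        # No CA bundle is passed, so the chain is not validated here; the
        # certificate is only retrieved so it can be compared.
        served_pem = ssl.get_server_certificate((sys.argv[1], 443))
    else:
        # Without arguments, run on the constructed samples above.
        disk_pem, served_pem = SAMPLE_DISK, SAMPLE_SERVED
    result = compare(disk_pem, served_pem)
    print("on disk :", result["disk"])
    print("served  :", result["served"])
    print("match   :", result["match"])
```

If the file holds a chain, only its first certificate is fingerprinted, which is conventionally the leaf.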