
SSL Weak Cipher and unknown CA

I've run a network vulnerability tool (NESSUS) and it reported SSL vulnerabilities with weak encryption and an unknown CA. I've narrowed it down to Sophos RMS on port 8194, but my question is: how do you update the certification manager, where does the certification manager receive its certificates, and what certificates do they issue?

I am running Sophos Anti-Virus (Version 9.5.4) from Enterprise Console 4.5.1.0

Also, I have my own CA server; if I can use this to generate a PEM, please let me know where I need to place it. I think it is on the enterprise management server, but I'm not sure where.

regards,

Steve Hall



  • Hi,

    The file cac.pem is the generated certificate of the Certification Manager in the system. If you make a copy of this file and call it cac.crt, for example, you can view it as a certificate file to study its properties. I don't imagine you can use your own certificate, and I doubt it would be supported if you did. I've noticed that at install there is an exe which creates it and adds it to the registry on the SEC server (\certauthstore\); you would need some way of injecting your file into that process, so it's not really viable. It's easy to switch your certificate for the ones in the distribution points, but you would need to get your certificate into the certauthstore on the server also, which isn't really possible.

    Would you be able to list more details as to what Nessus exactly reports?

    I believe that the strength of the encryption is different for the routernt.exe talking with the routernt.exe process (i.e. across the network) but for speed, the encryption is lower where the local management agent talks to the local router.  So it could be a trade off between security and performance in the various parts of the system.   

    Jak 

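As an added example (not code from this thread or from Sophos), the script below does with openssl what the reply suggests doing by copying cac.pem to cac.crt and opening it in the Windows certificate viewer: it prints the certificate's subject, issuer, validity window and signature algorithm, and it checks whether the certificate verifies against a given trust store. That last check is what an "unknown CA" finding comes down to: the Certification Manager's certificate is its own root, and a scanner such as Nessus does not have that root in its trust store. The certificates generated here are constructed stand-ins; the thread does not give the path to the real cac.pem on the SEC server, so none is assumed.

```shell
#!/bin/sh
# Added example, not from the thread or from Sophos. Inspects a PEM certificate
# with openssl and shows why a scanner reports a self-signed issuer as unknown.
# All certificates below are constructed stand-ins, not the real cac.pem.
set -e

make_self_signed() {
    # Write a constructed self-signed certificate to $1/$2.pem (CN is made up).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Constructed $2" \
        -keyout "$1/$2-key.pem" -out "$1/$2.pem" >/dev/null 2>&1
}

cert_summary() {
    # Subject, issuer and validity window: the properties the reply suggests
    # studying after copying cac.pem to cac.crt.
    openssl x509 -in "$1" -noout -subject -issuer -dates
}

sig_alg() {
    # Signature algorithm name, e.g. sha256WithRSAEncryption. Scanners flag
    # md5WithRSAEncryption and sha1WithRSAEncryption as weak.
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

trusted_by() {
    # Does certificate $1 chain to a root in the trust store file $2?
    # "no" is the condition a scanner reports as an unknown / untrusted CA.
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
}

is_self_signed() {
    # A certificate that verifies against itself is its own root CA.
    trusted_by "$1" "$1"
}

demo() {
    dir=$(mktemp -d)
    make_self_signed "$dir" cac        # stand-in for the Certification Manager cert
    make_self_signed "$dir" scanner    # stand-in for a root the scanner does trust
    cert_summary "$dir/cac.pem"
    echo "signature algorithm: $(sig_alg "$dir/cac.pem")"
    echo "self-signed:         $(is_self_signed "$dir/cac.pem")"
    echo "trusted by own CA:   $(trusted_by "$dir/cac.pem" "$dir/cac.pem")"
    echo "trusted by scanner:  $(trusted_by "$dir/cac.pem" "$dir/scanner.pem")"
    rm -rf "$dir"
}

demo
```

To run the same checks against what the RMS service actually presents rather than a file, capture its chain from your own server with `openssl s_client -connect <server>:8194 -showcerts` and save the PEM blocks; `trusted_by` will then say "yes" only once the Certification Manager's certificate is in the trust store you pass as the second argument, which is the step the scanner has not taken.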