This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL Warnings

I hace an SFTP server in my DMZ. There's a DNAT entry and firewall policy allowing access from Internet IPV4 using port 22 to the server. No other ports are open. No SSL cert is installed on the server.

When we run a Pen test from outside the company, it's throwing a bunch of SSL errors.

SSL Certificate Cannot Be Trusted, SSL Certificate with Wrong Hostname, SSL Self-Signed Certificate

Turns out, the scanner is returning info from the UTM's SSL cert. How do I fix this?

This thread was automatically locked due to age.

Parents

0 Louis-M over 7 years ago

You will have to install a publicly recognizable certificate which can cost money.

There are however, free variants:

1. Letsencrypt

2. Startssl (free but you will have to renew every year)
Cancel
Vote Up 0 Vote Down

Cancel
0 SteveHart over 7 years ago in reply to Louis-M

I don't think that will fix the problem. The name of the UTM still won't match the name of the SFTP server.

I'm wondering what policy will force the tester to look the server.
Cancel
Vote Up 0 Vote Down

Cancel
0 DouglasFoster over 7 years ago in reply to SteveHart

On which open port is it detecting the certificate? UTM is known to open ports that are not wanted, notably SMTP proxy opens port 25 on all confogured addresses.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 DouglasFoster over 7 years ago in reply to SteveHart

On which open port is it detecting the certificate? UTM is known to open ports that are not wanted, notably SMTP proxy opens port 25 on all confogured addresses.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data