Untrusted TLS/SSL server X.509 certificate:Servers reporting: Untrusted TLS/SSL server X.509 certificate(False Positive)

Article:TECH196216  |  Created: 2012-09-06  |  Updated: 2013-01-02  |  Article URL http://www.symantec.com/docs/TECH196216
Article Type
Technical Solution


Environment

Issue



False positive


Error



Untrusted TLS/SSL server X.509 certificate:Servers reporting: Untrusted TLS/SSL server X.509 certificate(False Positive)


Environment



Windows 2008 R2 Standard 64 bit


Cause



CA root certificates not tracked by CCS-VM

The Nexpose default java keystore does not "trust" GoDaddy and Entrust CA as a Root CA. 


Solution



Short term fix is to exclude them as FP's

 

Rapid 7 in process of generating an enhancement request to work around this issue by allowing customers to add/import arbitrary trusted Certificate Authorities (CA) to the Nexpose Store.  Enhancement request ticket number is  RFE IS-4485




Article URL http://www.symantec.com/docs/TECH196216


Terms of use for this information are found in Legal Notices