
SSL Certificate for SUM

I have not been able to find a knowledge base article on how to replace the SSL certificate for the SUM, running a webserver on port 4422. I need to replace it based on a vulnerability assessment finding. Please advise. Thank you.



  • Hi, Scott, and welcome to the UTM Community!

    The only thing a human from a vulnerability assessment service does is write a note that you have issues.  No one in their business evaluates the automated assessment report beyond that.  This sounds like a lot of the false positives I see discussed here.  If you can share exactly what they said, we probably can give you information that will let them ignore that issue and give you a pass.

    For instance, sometimes they gripe about there being a self-signed cert.  In fact, in some instances, that's safer than a public cert.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob,

    Hi. Your response cracked me up! The scan was not a third party scan, but rather my own scan! Yes, the issue is self-signed certificates. I have a CA; I just need to know how to generate a CSR from the SUM to get a proper certificate. I know, I know... You are asking, "Don't you have anything better to do with your time?". Regardless, it has to get done. Thanks for the post!

     

    Scott

  • For self-signed certificates, I also agree with you, because this type of certificate creates browser warning issues, so it would be best if people avoided self-signed SSL certificates.

  • In this case, we're not dealing with ecommerce, but with a tool to which there should be very limited access.  There should only be a few IPs allowed to reach WebAdmin or SUM and the small number of devices can easily have the CA added to the Trusted Root Certification Authorities store.  For this use, the self-signed certificate is actually more secure against mitm attacks than one signed by Thawte, etc.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
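Nobody in the thread describes how to produce a CSR on the SUM itself, and Bob's point about adding the private CA to the clients' trusted root store is the other half of the job, so here is an added example that is not from this thread, from Sophos, or from any of the posters. It is a POSIX shell script that does the generic, off-box part with openssl: it creates a stand-in private CA (Scott already has a real one; this one only exists so the script runs offline), generates a server key and CSR for the SUM web UI hostname, issues the certificate with a subjectAltName, and then verifies the chain the way a workstation that trusts the CA would. The hostname sum.example.internal, the scratch directory, and the check_live helper that probes port 4422 are assumptions; importing the issued key and certificate into the SUM is not shown because the thread does not describe that step.

```shell
#!/bin/sh
# Added example, not from the Sophos thread: issue a cert for the SUM web UI
# from a CSR using a private CA, then verify it the way a client would.
# Assumptions: hostname sum.example.internal, a scratch directory, openssl 1.1.1+.
set -e

WORK="${WORK:-$(mktemp -d)}"
SUM_HOST="${SUM_HOST:-sum.example.internal}"   # assumed hostname of the SUM

# Stand-in for the private CA the poster already has (constructed here so the
# script runs offline; in practice you sign with your real CA instead).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Internal CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
}

# Server key and CSR for the SUM. The CSR requests a subjectAltName because
# browsers match the URL host against the SAN, not the CN.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$SUM_HOST" \
        -addext "subjectAltName=DNS:$SUM_HOST" \
        -keyout "$WORK/sum.key" -out "$WORK/sum.csr" >/dev/null 2>&1
}

# Sign the CSR. "openssl x509 -req" drops CSR extensions unless told otherwise,
# so the SAN, EKU and basicConstraints are restated in an extfile; forgetting
# this is a common reason a freshly issued cert still triggers a browser warning.
sign_csr() {
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\nbasicConstraints=CA:FALSE\n' \
        "$SUM_HOST" > "$WORK/sum.ext"
    openssl x509 -req -in "$WORK/sum.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 825 -sha256 -extfile "$WORK/sum.ext" \
        -out "$WORK/sum.pem" >/dev/null 2>&1
}

# Chain check against the private CA only: this is what a workstation that has
# ca.pem in its Trusted Root Certification Authorities store will do.
verify_chain() {
    openssl verify -CAfile "$WORK/ca.pem" "$WORK/sum.pem" >/dev/null 2>&1
}

# Confirm the issued cert actually carries the SAN for the SUM hostname.
has_san() {
    openssl x509 -in "$WORK/sum.pem" -noout -text | grep -q "DNS:$SUM_HOST"
}

# After installing sum.key/sum.pem on the SUM, repeat the scanner's check
# yourself: connect to port 4422 and require a clean verify result. Needs
# network access, so it is not part of the offline run below.
check_live() {
    openssl s_client -connect "$1:4422" -servername "$1" -CAfile "$WORK/ca.pem" \
        </dev/null 2>/dev/null | grep -q "Verify return code: 0 (ok)"
}

make_ca
make_csr
sign_csr
verify_chain
has_san
echo "cert for $SUM_HOST issued in $WORK and verifies against ca.pem"
```

Once the SUM serves sum.pem, `check_live sum.example.internal` against the same ca.pem reproduces the scanner's chain check from a host that trusts the private CA; a scanner that does not trust that CA will keep flagging the cert no matter who signed it, which is the false-positive case Bob describes.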