QID: 38172 – SSL Certificate Improper Usage
Summary: The SSL vulnerability scan identifies an untrusted self-signed certificate in use on TCP port 8000.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Clients may reject TLS handshake if basicConstraints or keyUsage validation fails. Scanners will flag this as a misconfiguration.
Cause
Dell PowerScale InsightIQ presents a CA certificate or leaf certificate with incorrect X.509 attributes during the SSL/TLS handshake (e.g., CA:TRUE, crlSign) instead of an end-entity certificate.
Resolution
Customers are advised to replace the default self-signed certificate with:
- A third party (public or private) CA-issued certificate (preferred), or
- Another self-signed leaf certificate (CA:FALSE, correct Key Usage/EKU)
Refer to the Dell PowerScale InsightIQ Security Configuration Guide for additional details.
Additional Information
QID 38172 flags misconfigured SSL/TLS certificates on TCP port 8000, where server leaf certificates are incorrectly assigned certificate authority-like attributes.
Affected Products
PowerScale InsightIQArticle Properties
Article Number: 000400392
Article Type: Solution
Last Modified: 17 Dec 2025
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.