Unsolved
3 Posts
0
451
SCG VE self-signed certificate on port 443 (not 8443, 9443, 5700)
Hi everyone,
Can you tell me how to replace self-signed certificate on port 443.
I found only official instructions for ports 9443, 5700 but it is not enough.
Thats how it looks for now:
openssl s_client -connect {scg_ip_ardess}:443
Certificate chain
0 s:/C=US/ST=AnyState/L=AnyCity/O=Default ConnectEMC Server Certificate/OU=Initial Install Use Only/CN=*.yourdomain
i:/C=us/O=emc/OU=rscemc/CN=rscemc-ipsecca
1 s:/C=US/ST=Massachusetts/L=Westborough/O=EMC/OU=ConnectEMC/CN=128.221.98.145/emailAddress=Arumainayagam_Allen@emc.com
i:/C=US/ST=Massachusetts/L=Westborough/O=EMC/OU=ConnectEMC/CN=128.221.98.145/emailAddress=Arumainayagam_Allen@emc.com
Thanks for any advice
Peter
DELL-Chris H
Moderator
Moderator
•
8.5K Posts
0
July 12th, 2023 09:00
Piotr_panek,
Would you clarify what you are trying to accomplish specifically? I ask as there shouldn't be a need to change the certificate on port 443, as you don't access SCG with that port, 443 is only used by SCG itself.
Hence why I need more context, as I don't think there is a way to replace the cert on port 443, unless replacing the cert for port 5700 does that too, but I assume you already tried that.
Let me know.
pijoter
3 Posts
0
July 12th, 2023 23:00
Hi Chris,
It's about a vulnerability scan contest on all ports used by the SCG. For now, we use the following ports: 8443, 9443, 5700, 443. For the first three, we managed to change according to the instructions. Unfortunately, for the last one, i.e. 443, I do not see such a possibility and unfortunately we have it detected in vulnerability scans.
DELL-Marco B
Moderator
Moderator
•
3.4K Posts
0
July 13th, 2023 04:00
Hello,
I don't see a way to replace this port, anyway I will ask internally to technical support and in case it will be possible I can keep you update.
Thanks