Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

WCS Ver 6 SSl vulnerability

I am getting an audit result of my Windows based WCS 6 server, the following error must be corrected, and several others are notificaton only at present, but they may be increased in the future:

(Moderate risk)

IETF X.509 Certificate Signature Collision Vulnerability

(Attention)

Web Server Supports Weak SSL Encryption Certificates
TLS/SSL/X.509 Certificate All Fields Enumeration
SSL/TLS X.509 Certificate Server Name Mismatch

Now, I cannot get a signed certificate. (I had to beg to get the money for a cert on the WLC box)  If I create a self signed certificate (OpenSSL) will that eliminate the audit points, or is there some other error in the SSL implementation that cannot be changed?  I am not an expert at this, so I don't want to screw around with the certificates unless I know it will work without breaking my system.

Thanks,

Gene

4 REPLIES

Re: WCS Ver 6 SSl vulnerability

Can you please provide your WCS logs with level trace as well as a screnshot of your issue?

-----

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

New Member

Re: WCS Ver 6 SSL vulnerability

It is an audit conducted by our Internet Security folks against the server, not any result from the system itself.  They probe the system, and those were the results they got.

Re: WCS Ver 6 SSL vulnerability

By default, WCS presents a self-signed certificate unless you change that with a third party cert.

It's an apache tomcat webserver, that can use a signed cert or self signed cert.

New Member

Re: WCS Ver 6 SSL vulnerability

Yes, but if I provide a self signed certificate, will that eliminate the vulnerability, or is that inherent in the version of Apache used?

935
Views
0
Helpful
4
Replies
CreatePlease to create content