Information
Apply a signed certificate from a trusted Certificate Authority (CA) to the SSL VPN portal to allow users to connect securely with confidence.
Rationale:
Having an unsigned or self-signed certificate leaves connections open to man-in-the-middle attacks and could allow users to connect to untrusted servers.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Import a signed certificate from a trusted CA through the GUI:
1. Go to System > Certificates > Import.
2. Then assign the certificate to the SSL VPN portal by going to VPN > SSL-VPN Settings and selecting the proper certificate in the dropdown for 'Server Certificate'.
Default Value:
Self-signed, factory-installed certificate
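Because this item is not checked automatically, the script below is an added example (not part of the benchmark) of a manual check run against a configuration backup. It assumes a FortiOS-style backup in which the setting appears as `set servercert` under `config vpn ssl settings`; the list of factory certificate names and the sample configurations are assumptions constructed for illustration.

```python
import re

# Assumption: built-in certificate names on FortiOS; adjust for your firmware.
FACTORY_CERTS = {"Fortinet_Factory", "Fortinet_SSL", "self-sign"}

def ssl_vpn_server_cert(config_text):
    """Return the servercert set in 'config vpn ssl settings' (first block), or None."""
    in_block, nested = False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_block:
            in_block = line == "config vpn ssl settings"
        elif line.startswith("config "):
            nested += 1          # sub-table such as authentication-rule
        elif line == "end":
            if nested == 0:
                return None      # block closed with no servercert: default applies
            nested -= 1
        elif nested == 0:
            m = re.fullmatch(r'set servercert "?([^"]+)"?', line)
            if m:
                return m.group(1)
    return None

def audit(config_text):
    """Return (passes, cert_name). An unset value fails: the default is the factory cert."""
    cert = ssl_vpn_server_cert(config_text)
    return (cert is not None and cert not in FACTORY_CERTS, cert)

# Constructed sample configurations (not taken from a real device).
WEAK = '''config vpn ssl settings
    set servercert "Fortinet_Factory"
    set port 10443
end'''
FIXED = '''config vpn ssl settings
    set servercert "vpn.example.com"
    set port 10443
end'''
UNSET = '''config vpn ssl settings
    set port 10443
    config authentication-rule
        edit 1
            set portal "full-access"
        next
    end
end'''

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("FIXED", FIXED), ("UNSET", UNSET)):
        print(name, audit(cfg))
```

A pass only shows that a non-factory certificate is selected; confirm separately that the certificate was issued by a trusted CA and has not expired.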
Item Details
Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT
References: 800-53|AC-18, 800-53|AC-18(1), 800-53|AC-18(3), 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, CSCv7|1.8, CSCv7|12.2
Control ID: c519425aa8d13639e4184a48163869bf2d12cadbfd9303183ec2b5f0d369554b