2.4 Ensure default self-signed certificate for ESXi communication is not used

Information

The default certificates are not signed by a trusted certificate authority (CA) and should be
replaced with valid certificates that have been issued by a trusted CA.

*Rationale*

Using the default self-signed certificate may increase risk related to man-in-the-middle (MITM) attacks.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Leverage VMware's SSL Certificate Automation Tool to install CA-signed SSL
certificates. For more information on this tool, please
see http-//kb.vmware.com/kb/2057340.

See Also

https://workbench.cisecurity.org/files/2168

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-12

Plugin: Unix

Control ID: 0117c338fa49f3efe2b76687752ff392662c90b52ce22c03bbb0d74174c7cadc