VCRP-67-000008 - The rhttproxy must exclusively use the HTTPS protocol for client connections - certificate


Remotely accessing vCenter via the rhttpproxy involves sensitive information going over the wire. To protect the confidentiality and integrity of these communications, the rhttpproxy must be configured to use an encrypted session of HTTPS rather than plain-text HTTP. The SSL configuration block inside the rhttproxy configuration must be present and configured correctly to safely enable TLS.


Navigate to and open /etc/vmware-rhttpproxy/config.xml.

Locate the first <ssl> block and set its content to the following:

<!-- The server private key file -->
<!-- The server side certificate file -->
<!-- vecs server name. Currently vecs runs on all node types. -->

Restart the service for changes to take effect.

# vmon-cli --restart rhttpproxy

See Also

Item Details


References: 800-53|AC-17(1), CAT|II, CCI|CCI-002314, Rule-ID|SV-240723r879692_rule, STIG-ID|VCRP-67-000008, Vuln-ID|V-240723

Plugin: Unix

Control ID: 6b53284ba5ab1d34329cd71a65f45196fbbfd3e381b614897aec10923d0396f0