The PCoIP Security Gateway is failing a security scanner with SSL certificate errors
Problem
When running a security scan against the PCoIP Security Gateway, it fails based on factors such as:
- SSL Certificate - Subject Common Name Does Not Match Server FQDN port 4172/tcp over SSL
- SSL Certificate - Signature Verification Failed Vulnerability port 4172/tcp over SSL
Cause
Failing the security scan for the certificate can be for many reasons including:
- PCoIP Security Gateway is using the default self signed certificates
- The security scan is running by access the IP rather than using the FQDN based on the security gateway's host record
- The SSL Certificate does not have the IP in the subject alternative name
- The Root CA is not trusted
Resolution
- If is recommended that the default certificate is replaced on the PCoIP Security Gateway. Refer to the administrators' guide for the PCoIP Connection Manager and PCoIP Security Gateway for instructions for the version of the PCoIP Security Gateway in use.
Note: By default the PCoIP Connection Manager and PCoIP Security Gateway share the same certificate on the appliance. - Scan the appliance via the FQDN rather than IP.
- Ensure the security scanning software trusts the root CA.
Pertains to:
- security_gateway 1.10.0
- security_gateway 1.11.0
- security_gateway 1.12.1
- security_gateway 1.13.0
- security_gateway 1.14.0
- security_gateway 1.14.1
- security_gateway 1.7.0
- security_gateway 1.8.0
- security_gateway 1.9.0