Problem
Vulnerability scans reports contain entries related to the NetBackup-issued SSL certificates in the environment.
Error
Errors may vary but generally will include descriptions similar to the following:
- Medium 51192 - SSL Certificate Cannot Be Trusted
- Medium 57582 - SSL Self-Signed Certificate
- Medium 45411 - SSL Certificate with Wrong Hostname
- QID-38173 SSL Certificate - Signature Verification Failed Vulnerability
- QID-38685: SSL Certificate - Invalid Maximum Validity Date Detected
Solution
NITA, NetBackup, NetBackup Appliances and OpsCenter generate a self-signed SSL certificate for the first time hostname configuration, which is by design and is not an issue.
So SSL Certificate Cannot Be Trusted, SSL Self-Signed Certificate, and Signature Verification Failed Vulnerability reported vulnerabilities can be safely ignored.
For the "SSL Certificate with Wrong Hostname" issue on appliances, a fully qualified hostname should be used for the configuration of hostname step during the appliance setup to avoid this vulnerability alert.
Applies to:
- NetBackup 7.x, 8.x, 9.x, 10.x
- Appliances 2.x, 3.x, 4.x, 5.x
- NetBackup Opscenter
- NetBackup IT Analytics
- Any security vulnerability scanning application (Nessus, Tenable, Qualys, etc.)
References
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.