Default self-signed certificates must not be used by the vCenter Server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| VCENTER-000032 | VCENTER-000032 | VCENTER-000032_rule | Medium |
| Description |
|---|
| Self-signed certificates, automatically generated by vCenter Server during the installation process, are not signed by a commercial CA, and might not provide strong security. Default self-signed certificates must be replaced with those from a trusted certification authority. |
| STIG | Date |
|---|---|
| VMware vCenter Server Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-VCENTER-000032_chk ) |
|---|
| Ask the SA if self-signed certificates on the vCenter Server have been changed to certificates from a trusted certification authority. Alternatively, use the vSphere Client from a remote system to log into the vCenter Server. If a certificate warning dialog box appears, a valid certificate from a trusted certification authority is not used, and this is a finding. |
| Fix Text (F-VCENTER-000032_fix) |
|---|
| Replace default self-signed certificates with those from a trusted certification authority, either a commercial CA or an organizational CA. |