A customer ran a vulnerability scanning tool in their network, and it reported the following on their Authentication Manager servers (port 7002):
“Vulnerability: SSL Certificate Cannot Be Trusted: The SSL certificate for this service cannot be trusted.”
“Vulnerability: SSL Self-Signed Certificate: The SSL certificate chain for this service ends in an unrecognized self-signed certificate.”
They have already replaced the SSL certificate used for the Authentication Manager console (Console Certificate), but wanted some more information about the certificates in use on port 7002, to provide back to the audit team. Specifically:
- When/where are these certificates generated (for example: at initial system setup, or pre-generated in the image)?
- Is it possible to replace the certificate used on port 7002 (and if so, how)?
- If it is possible to replace the certificate, what side effects/risks might that introduce (for example, would they need to update all their API clients, or carefully coordinate updating the Primary and Replicas in some specific order)?