New Contributor

Clients create Self-signed CA Certificate

Is there a way to stop clients from creating a self-signed CA certificate? Problem is that they are not publicly trusted so we are inundated with security vulnerabilities.

4 REPLIES
LogMeIn Contributor

Re: Clients create Self-signed CA Certificate

@wbocash  Hi there,

Could you elaborate on what kind of issues the self-signed CA is causing your clients?  What scans and URLs come up vulnerable exactly?

New Contributor

Re: Clients create Self-signed CA Certificate

We use Tenable Nessus for vulnerability scanning, but I'd assume any scanner would detect a self-signed CA certificate as a vulnerability. Here are more details on the vulnerability:

The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities. This nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host. Thanks!

New Contributor

Re: Clients create Self-signed CA Certificate

Following... Nessus is giving us fits with this
New Contributor

Re: Clients create Self-signed CA Certificate

Use the client's private key to generate a cert request. Issue the client certificate using the cert request and the CA cert/key.
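
The procedure in the last reply, sketched with the OpenSSL command line as an added example that is not part of the original thread. The file names, subjects, lifetimes and the throwaway CA are assumptions made up for the demo; in practice the CA certificate/key and the client key already exist.

```shell
#!/usr/bin/env bash
# Constructed demo: every file name, subject and lifetime here is an assumption.
set -eu

# Minimal config so the demo does not depend on the system openssl.cnf.
write_cfg() {
  printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/demo.cnf"
}

# Stand-ins for material that would already exist: an internal CA and a client key.
make_demo_material() {
  d="$1"; write_cfg "$d"
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
    -subj "/CN=Demo Internal CA" -days 30 \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl genrsa -out "$d/client.key" 2048 2>/dev/null
}

# Step 1: build a CSR from the client's existing private key.
# Step 2: sign the CSR with the CA cert/key, so the issuer is the CA, not the client.
issue_client_cert() {
  d="$1"
  openssl req -new -config "$d/demo.cnf" -key "$d/client.key" \
    -subj "/CN=client01.example.internal" -out "$d/client.csr"
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -sha256 -out "$d/client.crt" 2>/dev/null
}

# Returns 0 only if the certificate ($2) chains to the trust anchor ($1).
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Returns 0 if subject and issuer names match (the self-signed pattern scanners flag).
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

if [ "${1:-}" = "demo" ]; then
  t=$(mktemp -d)
  make_demo_material "$t" && issue_client_cert "$t"
  is_self_signed "$t/ca.crt" && echo "ca.crt: self-signed root"
  chains_to "$t/ca.crt" "$t/client.crt" && echo "client.crt: chains to the CA"
fi
```

A certificate issued this way validates only for verifiers that have `ca.crt` in their trust list; against any other trust anchor the chain still fails.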