Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: Sensor 'server' cert flagged by Nessus Scan 'Nessus 51192 - SSL Certificate cannot be trusted'

EDR: Sensor 'server' cert flagged by Nessus Scan 'Nessus 51192 - SSL Certificate cannot be trusted'

Environment

  • EDR Server: All Supported Versions

Symptoms

  • Receiving 'Nessus 51192 - SSL Certificate cannot be trusted' from Nessus Scan'

Cause

  • Description from Tenable site: 
    • When plugin 51192 - 'SSL Certificate Cannot Be Trusted' is triggered, it is usually because the certificate at the top of the Certificate Chain is signed by an unknown certificate authority. Plugin 51192 it will have output similar to "The following certificate was at the top of the certificate chain sent by the remote host, but it is signed by an unknown certificate authority"

Resolution

  • There are no security implications with our sensor 'server' certificate. 
  • The sensor group certificates are signed with the server certificate.  EDR uses certificate pinning, meaning: before the sensor talks to the server, during the TLS handshake, it compares the certificate shown on the network to the one on the disk.  They have to match or the communications are disconnected.
  • To trust the certificate, we can follow the instructions found here.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎01-25-2021
Views:
3312
Contributors