Hello,
I just need to meet some audit requirements. I am not a cryptography expert and have no desire to become one. Just want to make errors go away on a LOCAL WINDOWS DOMAIN. We have an Enterprise CA. Here are the audit findings I am trying to remediate:
ISSUE 1
Expired SSL certificate
Risk Management: Eliminate
Potential Impact: Information disclosure. A man-in-the-middle attack may succeed more easily
because users will be used to seeing an error regarding the site certificate.
Remediation: Install a valid certificate from an authority that is trusted by end-user systems
Then it gives the ips of local servers on a windows domain Noted Vulnerable Hosts: Ports 443, 8089/tcp
192.x.x.x, 192.x.x.x, etc....
ISSUE 2
3.6.3 Self-signed SSL certificate MEDIUM
Risk Management: Eliminate
Potential Impact: Information disclosure. A man-in-the-middle attack may succeed more easily
because users will be used to seeing an error regarding the site certificate.
Remediation: Install a valid certificate from an authority that is trusted by end-user systems
Potential Threat Source: Malicious employee, criminal hacker
Related NIST Controls: CM-3, CM-6, CM-7, SC-8
Noted Vulnerable Hosts: Ports 443, 636, 3269, 5061, 8089, 9090, 9443/tcp 192.x.x.x. 192.x.x.x etc...
So I am looking for the SIMPLEST and EASIEST way to fix this issue. If you can explain it fully, in one paragraph, without using any hyperlinks, and without leaving anything out (which you probably will!) then you will a prize!!
For review, we have a local windows server 2008 R2 enterprise CA server on the domain.
THANKS!