Vulnerability scan or web browser reports Messaging Gateway Control Center certificate as invalid
Article ID: 169948
Updated On:
Products
Issue/Introduction
When running vulnerability scans against the Messaging Gateway (SMG) Control Center or connecting to it with a web browser the server TLS certificate is reported as invalid and the communication not secure.
Cause
Messaging Gateway ships with a default self-signed demo certificate which contains no Subject Alternative Names (SAN) which are required for hostname validation and which is not signed by a third party certificate authority.
Resolution
The demo certificate is for demonstration purposes only and intended to be replaced in a secure production environment by a third party signed certificate.
Note: Creating a Certificate Signing Request (CSR) in the SMG Control Center Administration > Certificates page does not currently allow the addition of subject alternative names to the CSR. It is recommended that the CSR be generated outside of the SMG Control Center Gui and then the signed certificate and private key be imported as described in Importing a Certificate Authority signed certificate.
Feedback
