Self-signed certificate in use with VSM is reported as a vulnerability

Document ID : KB000074479
Last Modified Date : 09/06/2018
Issue:
A vulnerability scan reports one of the VSMs as vulnerable because it uses a self-signed certificate.
Environment:
All supported DevTest releases.
Cause:
When a VSM is enabled to 'Use SSL to Client' and no other keystore is specified, the default keystore, $DEVTEST_HOME/webreckeys.ks, is used.
Resolution:
Verify which port is being reported by the vulnerability scan to confirm which Virtual Service is using the self-signed certificate.
Open this VSM in the Workstation and open the Virtual HTTP/S Listener step.
Check which keystore is specified in the Listener step under SSL keystore file. By default, DevTest uses the webreckeys.ks keystore, which is set in the property ssl.server.cert.path.
Update this step with your trusted keystore and its password, then save and redeploy the service to the VSE Server.
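Before pointing the Listener step at a replacement keystore, it helps to confirm that the keystore's own server certificate is not self-signed as well. The following is an added example, not part of the original article or of DevTest: it parses `keytool -list -v` output and lists the private-key aliases whose leaf certificate has the same Owner and Issuer. The function names, aliases and distinguished names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not DevTest code). Reads `keytool -list -v` output on stdin and
# prints each PrivateKeyEntry alias whose leaf certificate (Certificate[1]) is
# self-signed. Chain roots and trustedCertEntry items are ignored on purpose:
# a CA root is always self-signed and is not what the scanner is flagging.
self_signed_leaf_aliases() {
  awk '
    /^Alias name: /           { alias = substr($0, 13); type = ""; leaf = 0; owner = "" }
    /^Entry type: /           { type = substr($0, 13) }
    /^Certificate\[[0-9]+\]:/ { leaf = ($0 ~ /^Certificate\[1\]:/) }
    /^Owner: /  { if (leaf && type == "PrivateKeyEntry") owner = substr($0, 8) }
    /^Issuer: / { if (leaf && type == "PrivateKeyEntry" && owner == substr($0, 9)) print alias
                  leaf = 0 }
  '
}

# Constructed sample, trimmed to the fields the parser reads.
sample_keytool_output() {
cat <<'EOF'
Alias name: demo-default
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=demo-default, O=Example
Issuer: CN=demo-default, O=Example

Alias name: vs-trusted
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=vs.example.internal, O=Example
Issuer: CN=Example Issuing CA, O=Example
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Issuing CA, O=Example

Alias name: example-root
Entry type: trustedCertEntry

Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Issuing CA, O=Example
EOF
}

# Real use: keytool -list -v -keystore /path/to/keystore | self_signed_leaf_aliases
sample_keytool_output | self_signed_leaf_aliases
```

An empty result for the replacement keystore means every server certificate in it was issued by a separate CA; whether clients and the scanner trust that CA still has to be checked separately.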
Additional Information:
For more information regarding the Virtual HTTP/S Listener Step:
https://docops.ca.com/devtest-solutions/10-1/en/using/using-ca-service-virtualization/using-devtest-workstation-with-ca-service-virtualization/editing-a-vsm/virtual-http-s-listener-step

For more information on the webreckeys.ks keystore:
https://docops.ca.com/devtest-solutions/10-1/en/administering/security/using-ssl-to-secure-communication/ssl-certificates