| Asset ID: |
1-72-2348521.1 |
| Update Date: | 2018-01-16 |
| Keywords: | |
Solution Type
Problem Resolution Sure
Solution
2348521.1
:
Network security scanner reports "SSL certificate for this service cannot be trusted."
| Related Items |
- Oracle FS1-2 Flash Storage System
|
| Related Categories |
- PLA-Support>Sun Systems>DISK>Flash Storage>SN-EStor: FSx
|
This article explains why network security scanners can report an incident with an Flash Storage product.
In this Document
Created from <SR 3-16431395931>
Applies to:
Oracle FS1-2 Flash Storage System - Version All Versions to All Versions [Release All Releases]
Information in this document applies to any platform.
Symptoms
One of the following is happening:
- Customer's network security scanner reports "SSL certificate for this service cannot be trusted".
- A web browser reports "this website is not secure".
- The HTTP message SEC_ERROR_UNKNOWN_ISSUER is reported.
Changes
Cause
This is caused by the web server hosted on the pilot that offers a HTTPs connection when connecting via a web browser in order to check the status and events (This is a different access method than using the Oracle FS System Manager (GUI) or the Rest API). The FS1 interface requires a login and password in order to display the information.
If a customer assigns a full qualified hostname to the FS1, a browser or security scanner would expect to be able to validate the identity of the web server on the FS1. This check is important on the internet to make sure that websites are genuine and the user is not being redirected to malicious website. However on an internal network it should be able to check that the hostname and IP address match and are genuine. Unfortunately it is not possible to upload a certificate on the FS1 web server
Solution
When this error comes from a security scanner or an alert from a web browser and as long as the user is sure that the fully qualified hostname and the IP address are correct, the alert can be ignored.
Attachments
This solution has no attachment
