  1. #1
    Newbie
    Join Date
    Aug 2020
    Posts
    9

    SSL Certificate is listed as invalid

    Here's the situation:
    From what I'm able to find through Untangle's web interface, my u50 is self-signing for any incoming SSL requests, even though I've never configured it to do so. Our business received a remote request from a credit card processing company for security compliance reasons, and evidently it's our SSL processing methods that are to blame for us being noncompliant.

    We received a "report" through the card company's "very helpful" web interface that lists the signature itself, the expiration date, and the fact that we're self-signing as vulnerabilities. Given that I've never configured the Untangle box to handle that sort of traffic, and that I've specifically run all of our card processing machines through distinct subnets that shouldn't be managed by Untangle in the first place, I'm curious as to why the following is what I'm seeing:

    [Attached image: jeez.png]

    What I've done:
    I've investigated the admin certificates on the Untangle web interface and verified that we are indeed signing our own certificates, but I've also got what appears to be a secondary certificate issued by Untangle itself.
    I've also verified that I have no services running on port 1194 (which is shown in the image above) and am specifically preventing passthrough for 1194-UDP.

    [Attached image: nohappy.png]

    I'm hoping to resolve the SSL noncompliance, but with how little information I'm receiving I'm not sure what the best next step is. Many thanks!

  2. #2
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,335

    Are you using OpenVPN? That uses 1194 UDP.

  3. #3
    Newbie
    Join Date
    Aug 2020
    Posts
    9

    Originally posted by donhwyo:
        Are you using OpenVPN? That uses 1194 UDP.

    Technically yes, but I've disabled that on the network to see if we'd pass compliance, to no avail.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,263

    If you power down the OpenVPN module, UDP 1194 no longer answers. If it's still answering to generate the scan in question, you've got something else going on.

    I assume that 69. whatever IP in the screen shot is on Untangle?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Newbie
    Join Date
    Aug 2020
    Posts
    9

    Turns out I hadn't fully disabled OpenVPN. sky-knight's solution helped me track down the problem and it worked out. Thanks!
