Forum Discussion

Asim_Afzal_1147's avatar
Icon for Nimbostratus rankNimbostratus
Sep 02, 2015

SSL Certificate - Signature Verification Failed Vulnerability



i have following vulnerability on the scan.Can some body know how to fix this


F5 ASM version 11.4


SSL Certificate - Signature Verification Failed Vulnerability


CVSS Temporal: 6.9 TCP/443 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. The authentication is done by verifying that the public key in the certificate is signed by a trusted third-party Certificate Authority. If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication. Compliance Status Fail Impact By exploiting this vulnerability, man-in-the-middle attacks in tandem with DNS cache poisoning can occur. Exception: If the server communicates only with a restricted set of clients who have the server certificate or the trusted CA certificate, then the server or CA certificate may not be available publicly, and the scan will be unable to verify the signature. Category General remote services Port 443 CVSS Base Score 9


1 Reply

  • not that much information (sure a whole lot of text on the issue, but that is just copy pasting).


    i assume a basic vulnerability scan (probably with Qualys) was performed against the management interface of your BIG-IP?


    in that case it probably doesn't like that you are using the the self signed BIG-IP server certificate which isn't signed by a CA the scanning tool knows. so to resolve this you have to put a certificate signed by a known CA on the BIG-IP: