Articles tagged with: vcenter hardening

vSphere Hardening – G5 : Remove revoked SSL certificates from the ESXi server

Guideline ID : ESXi.remove-revoked-certificates

Vulnerability Discussion : By default, each ESXi host does not have CRL checking available. Revoked certificates must be checked and removed manually. These are typically custom generated certificates from a corporate certificate authority or 3rd party authority.

Risk Profile : 1, 23

Description : Leaving expired or revoked certificates or leaving vCenter Server installation logs for failed installation on your vCenter Server system can compromise your environment.

Removing expired or revoked certificates is required for the following reasons.

  • If expired or revoked certificates are not removed from the vCenter Server system, the environment

Read The Rest ......