
I worked in the Dev team, and my IT security team shared a scanning report and asked me to fix it.

The report mentioned "X.509 Certificate Subject CN Does Not Match the Entity Name" and "Untrusted TLS/SSL server X.509 certificate" on my database server, which has no IIS installed. I checked in the MMC snap-in and found no certificates there.

I need advice and help: where can I find this X.509 certificate and remove it? Thanks in advance.

user11968704
  • X.509 certificates are used for much more than web servers, i.e.: much more than IIS. Your security team must never have encountered Microsoft SQL Servers before or they'd know that SQL Server installs, by default, with a self-signed certificate. If you remove that certificate you'll prevent encrypted connections from occurring - will that make them happier? If they can supply you with a CA-signed, or appropriately organization-signed, X.509 certificate then you can [replace the existing one](https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/manage-certificates). – AlwaysLearning Jun 22 '22 at 03:53
  • Thank you very much for your advice and help. I guess that my security team may not be familiar with SQL Server and self-signed certificates. I'll search for a Microsoft document that can be used as a reference, otherwise this issue will remain forever. Thank you again for your help. – user11968704 Jun 22 '22 at 05:04
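
On where the certificate lives, an added example (not from the question or the comments): a PowerShell check, run elevated on the database server, that reports which certificate each local SQL Server instance is configured to use. It assumes the standard SQL Server registry layout under `HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server`. When no thumbprint is configured, SQL Server generates a self-signed certificate at startup that is not stored in the Windows certificate store, which is consistent with the MMC snap-in showing nothing.

```powershell
# Added example: report the TLS certificate configuration of each local SQL Server instance.
# Assumption: standard registry layout; run in an elevated session on the database server.
$root  = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$names = Get-ItemProperty -Path "$root\Instance Names\SQL" -ErrorAction SilentlyContinue
if (-not $names) {
    Write-Output 'No SQL Server instances are registered on this host.'
    return
}

# Each property maps an instance name (e.g. MSSQLSERVER) to its instance ID.
$instances = $names.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }

foreach ($inst in $instances) {
    $netKey = "$root\$($inst.Value)\MSSQLServer\SuperSocketNetLib"
    $net    = Get-ItemProperty -Path $netKey -ErrorAction SilentlyContinue
    if (-not $net) { continue }

    $thumb = [string]$net.Certificate
    $cert  = $null
    if (-not [string]::IsNullOrWhiteSpace($thumb)) {
        # A thumbprint is configured: look it up in the machine's Personal store.
        $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
                Where-Object { $_.Thumbprint -eq $thumb } |
                Select-Object -First 1
    }

    [pscustomobject]@{
        Instance        = $inst.Name
        ForceEncryption = [bool]$net.ForceEncryption
        Thumbprint      = if ($thumb) { $thumb } else { '(none: self-generated at startup)' }
        FoundInStore    = [bool]$cert
        Subject         = if ($cert) { $cert.Subject } else { $null }
        Issuer          = if ($cert) { $cert.Issuer } else { $null }
        NotAfter        = if ($cert) { $cert.NotAfter } else { $null }
        # Subject equal to Issuer means self-signed, which a scanner reports as untrusted.
        SelfSigned      = if ($cert) { $cert.Subject -eq $cert.Issuer } else { $true }
    }
}
```

A row with no thumbprint, or with `SelfSigned` true, matches both scanner findings; the fix is to bind a CA-issued certificate whose subject matches the server name, as described in the documentation linked in the comment above.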
