https://community.cisco.com/t5/network-security/ssl-self-signed-certificate-findings-on-nessus-scans-on-cisco/m-p/3353237#M903077 <P>When our IA team performed security scans, an SSL Self-Signed medium finding was discovered along with other SSL findings. How do I resolve this issue? We do not use a CA, just a generated cipher and cert by the switch itself along with all the other switches on our network. How do i go in too check the SSLs, change, delete or update? The switch is currently running C3750-IPSERVICESk9-M 12.2(55)SE11 IOS. Would an IOS upgrade resolve any of the issues below? I cannot find any information on the possibility of it solving any of these issues.</P> <P>&nbsp;</P> <P>Below are the other findings:</P> <P>SSL Certificate cannot be trusted</P> <P>SSL Version 2 and 3 Protocol Deletion</P> <P>SSL Weak Cipher Suites Supported</P> <P>SSL Certificate sighned using weak hashing algorithm&nbsp;</P> <P>SSL Medium Strength cipher suites supported&nbsp;</P> <P>SSL Self signed certificate&nbsp;</P> <P>SSLv3 Padding Oracle on Downgraded Legacy Encryption Vulnerability (POODLE)</P> <P>NTP Mode 6 Scanner</P> Fri, 21 Feb 2020 15:33:06 GMT gbenoit83 2020-02-21T15:33:06Z https://community.cisco.com/t5/network-security/ssl-self-signed-certificate-findings-on-nessus-scans-on-cisco/m-p/3353237#M903077 <P>When our IA team performed security scans, an SSL Self-Signed medium finding was discovered along with other SSL findings. How do I resolve this issue? We do not use a CA, just a generated cipher and cert by the switch itself along with all the other switches on our network. How do i go in too check the SSLs, change, delete or update? The switch is currently running C3750-IPSERVICESk9-M 12.2(55)SE11 IOS. Would an IOS upgrade resolve any of the issues below? I cannot find any information on the possibility of it solving any of these issues.</P> <P>&nbsp;</P> <P>Below are the other findings:</P> <P>SSL Certificate cannot be trusted</P> <P>SSL Version 2 and 3 Protocol Deletion</P> <P>SSL Weak Cipher Suites Supported</P> <P>SSL Certificate sighned using weak hashing algorithm&nbsp;</P> <P>SSL Medium Strength cipher suites supported&nbsp;</P> <P>SSL Self signed certificate&nbsp;</P> <P>SSLv3 Padding Oracle on Downgraded Legacy Encryption Vulnerability (POODLE)</P> <P>NTP Mode 6 Scanner</P> Fri, 21 Feb 2020 15:33:06 GMT https://community.cisco.com/t5/network-security/ssl-self-signed-certificate-findings-on-nessus-scans-on-cisco/m-p/3353237#M903077 gbenoit83 2020-02-21T15:33:06Z https://community.cisco.com/t5/network-security/ssl-self-signed-certificate-findings-on-nessus-scans-on-cisco/m-p/3353476#M903079 <P>Greg,</P> <P>&nbsp;</P> <P>If you use the commands below this should clear up your findings.</P> <P>&nbsp;</P> <DIV class="line number1 index0 alt2"><CODE class="text plain">no ip http secure-server</CODE></DIV> <DIV class="line number2 index1 alt1"><CODE class="text plain">no ip http server</CODE></DIV> <DIV class="line number2 index1 alt1"><CODE class="text plain">&nbsp;</CODE></DIV> Thu, 22 Mar 2018 19:14:32 GMT https://community.cisco.com/t5/network-security/ssl-self-signed-certificate-findings-on-nessus-scans-on-cisco/m-p/3353476#M903079 mburnno 2018-03-22T19:14:32Z