09-10-2020 01:00 PM
Hello,
Is it best/common practice to install a customized certificate for Stealthwatch SMC or is it recommended to use the original self-generated certificate? There isn't much documentation on this topic. I tried to use a CA cert in the lab and it was a royal pain.
Thanks
09-11-2020 07:57 PM
It's more of a preference and policy issue than it is anything to do with the StealthWatch functionality.
Some organizations take the approach that anything that is secured with a certificate should have a proper one signed by a trusted CA. However, others say that since the only people interacting with the SMC are qualified security practitioners, they know that accepting the self-signed certificate is not a security risk in this case.
I lean towards the former camp but it does mean we have to increase our skills with certificates and CAs. Vendors could certainly do a better job at making it easier. I have at least a dozen very different methods for dealing with certificates just among the Cisco products I use. If I spend half a day wrestling with certificate configuration, that's half a day I'm not dealing with actual security issues.