TAGGED: license-server-machine
-
-
February 29, 2024 at 6:44 pmKoontzjaSubscriber
We run a network license server in our environment, and our security scans are yelling about "SSL Certificate signed using weak hashing algorithm". The recommended solution is "Contact the Certificate Authority to have the SSL certificate reissued". My question is, is this something I need to obtain from Ansys or something I need to generate on my end? I am happy to provide any additional details if they are needed.
Â
Thank you
-
March 1, 2024 at 12:24 pmRajeshwari JadhavAnsys Employee
Hi Koontzja,
Can you please inform me Ansys product version? Also, can you provide more information to understand the issue better?
-
April 8, 2024 at 1:43 pmKoontzjaSubscriber
Running Ansys License Manager 2024 R1. Here is some more information from the ticket I received: "Vulnerability.Description Details
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.Vulnerability.Solution TypeContact the Certificate Authority to have the SSL certificate reissued.Vulnerability.SummaryAn SSL certificate in the certificate chain has been signed using a weak hash algorithm.Vulnerability.Detection (This is not the full certificate just a portion since it is being posted on a forum)The following certificates were part of the certificate chain sent bythe remote host, but contain hashes that are considered to be weak.Subject : O='ANSYS Inc'/C=US/ST=PA/L=Canonsburg/CN='ANSYS Licensing Authority Certificate'Signature Algorithm : SHA-1 With RSA EncryptionValid From : Oct 22 10:08:06 2008 GMTValid To : Oct 10 10:08:06 2058 GMTRaw PEM certificate : -----BEGIN CERTIFICATE-----MIIDSzCCArSgAwIBAgIJAOUPCPOTnxfzMA0GCSqGSIb3DQEBBQUAMHcxFDASBgNVBAoTCydBTlNZUyBJbmMnMQswCQYDVQQGEwJVUzELMAkGA1UECBMCUEExEzARBgNVBAcTCkNhbm9uc2J1cmcxMDAuBgNVBAMTJydBTlNZUyBMaWNlbnNpbmcgQXV0aG9yaXR5IENlcnRpZmljYXRlJzAgFw0wODEwMjIxMDA4MDZaGA8yMDU4MTAxMDEwMDgwNlowdzEUMBIGA1UEChMLJ0FOU1lTIEluYycxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJQQTETM"ÂEssentially it's stating I need the SSL certificate that was initially issued, and reissued for the server. It looks like something that was generated on your alls end, but please correct me if I am wrong. If I can provide any other information please let me know.ÂThank you!
-
-
May 7, 2024 at 3:45 pmGeorge RidgeSubscriber
Has there been any update to this question anywhere - asking as our security team has flagged up the same issue.
Thanks-
May 16, 2024 at 7:12 pmKoontzjaSubscriber
No update on this yet
-
-
May 13, 2024 at 6:44 amdry firewoodSubscriber
Friday Night Funkin is an incredibly tense and exciting music and rhythm game.
-
- The topic ‘SSL Certificate Signed Using Weak Hashing Algorithm’ is closed to new replies.
- Workbench license error
- Unexpected error on Workbench: Root element not found.
- not able to get result
- Unable to recover corrupted project in Workbench
- Unexpected issues with SCCM deployment of Ansys Fluids and Structures 2024 R1
- Questions and recommendations: Septum Horn Antenna
- AQWA: Hydrodynamic response error
- Tutorial or Help for 2 way FSI
- Moment Reaction probe with Large deformation
- 2 way coupled FSI for ball bearing
-
1216
-
543
-
523
-
225
-
209
© 2024 Copyright ANSYS, Inc. All rights reserved.