AnsweredAssumed Answered

False positive I can't get rid of

Question asked by Yves Moisan on Nov 15, 2013
Latest reply on Nov 18, 2013 by Yves Moisan

Hi All,

 

I'm struggling with this vulnerability : SSL Certificate - Subject Common Name Does Not Match Server FQDN.  It says in the description that this may be due to not having reverse DNS lookup, but we have it and I can ascertain nslookup for the IP does resolve to the FQDN. 

 

We're scanning a windows 2008 R2 machine and we have installed a certificate issued by our DC, which we've also added as a trusted CA in Qualys Guard.  The only thing I can see is that there may be a case mismatch, that is we're using BIND for (reverse) DNS that is returning a string like :

 

netbiosname.my.domain.com

 

where as the FQDN in the certificate is

 

NETBIOSNAME.my.domain.com

 

Could this be a cause for the "(NETBIOSNAME.my.domain.com) and IP (10.x.x.x) don't match" error ?

 

TIA

Outcomes