Scanner Trusted CA setup for our PKI

Question asked by Stephen Frost on Jul 19, 2015
Latest reply on Jul 23, 2015 by Stephen Frost

Hoping that someone can help me understand the process around making our Qualys Vulnerability Scans "aware" of our internal PKI CA Root, so that internally-issued certificates no longer show as Untrusted.

I've looked at the Scans, Setup, Scanner Trusted CA screen.

I've downloaded the OpenSSL tools and believe I understand the commands needed to export the Windows PKI cert(s) into .PEM format.

What I am really wary of is exporting our PKI CA root certificate into a third-party system like Qualys.

Have others done this?  Am I right to be wary, or am I just being paranoid?

Does the process boil down to:  (a) export the PKI CA root certificate along with the Private Key; and (b) import it into Qualys?
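
An added example, not part of the original post: a trust store needs only a CA's public certificate, so a PEM file exported for upload to a third party can be checked for private key blocks first. The function names and the sample PEM data are constructed for illustration.

```python
import base64
import re

BEGIN_LINE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
# RFC 7468 block: BEGIN line, base64 body, END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def audit_pem(text):
    """Return (certificate_count, findings) for a PEM file meant for upload."""
    findings = [f"private key block present: {label}"
                for label in BEGIN_LINE.findall(text) if "PRIVATE KEY" in label]
    certs = 0
    for label, body in PEM_BLOCK.findall(text):
        if "PRIVATE KEY" in label:
            continue  # already reported above
        if label != "CERTIFICATE":
            findings.append(f"unexpected block: {label}")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            findings.append("certificate block is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # X.509 DER begins with a SEQUENCE tag
            findings.append("certificate block is not a DER SEQUENCE")
            continue
        certs += 1
    if certs == 0:
        findings.append("no certificate found")
    return certs, findings

def safe_to_share(text):
    """True only when the file holds certificates and nothing else."""
    certs, findings = audit_pem(text)
    return certs > 0 and not findings

# Constructed sample data: placeholder bytes, not a real certificate or key.
SAMPLE_B64 = base64.b64encode(b"\x30\x82\x01\x0a" + bytes(32)).decode()
CERT_ONLY = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
CERT_WITH_KEY = CERT_ONLY + (
    f"-----BEGIN RSA PRIVATE KEY-----\n{SAMPLE_B64}\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, pem in (("cert only", CERT_ONLY), ("cert + key", CERT_WITH_KEY)):
        print(name, audit_pem(pem), "safe to share:", safe_to_share(pem))
```

The check only inspects PEM text; a binary export such as a .pfx file yields "no certificate found" and needs converting to PEM before it can be audited this way.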