We noticed that the certificate that is used by the Pulse Secure vTM control port (9080) uses a self-signed certificate which is triggering our security scan as vulnerable. Is there a way to update the certificate being used by the control port? I have looked through the Pulse Secure vTM docs but couldn't find anything in there that talks about it. The control port certificate seems to be stored in
/usr/local/zeus/zxtm/etc/control/
with the private key called
control.private
and the public key called
control.public
In addition to this, the control.public key is used in the config found in
/usr/local/zeus/zxtm/conf/zxtms
for the cluster.
Any thoughts or suggestions on how to go about updating this certificate?
Thank you,
Hi tenajsystems,
As of vTM 20.1 the control cert can be a cert chain, not just a self-signed cert.
Updating the cert for now is a manual process, which is to manually replace the cert/key files and edit the config in conf/zxtms/hostname with a text editor. (Note the cluster config needs to be manually synced after editing anything in conf). There is open RFE-1453 to automate this process.
If you need further assistance with this, and have a support contract, then please open a support case with us.
Regards,
Laurence
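
Because the replacement described above is done by hand, a pre-swap check of the new certificate and key helps avoid installing a mismatched or still self-signed pair. The script below is an added example, not part of the original thread and not Pulse Secure tooling. It assumes the files are PEM and that `openssl` is installed; the function names and the sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Pre-swap checks for a replacement control-port certificate and key (PEM assumed).
# openssl x509 reads only the first certificate in a file, so a chain file is
# judged by its leaf certificate.

# True when the certificate's public key belongs to the private key.
key_matches_cert() {  # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when subject and issuer names are identical (self-issued), which is
# the condition a scanner reports as "self-signed".
is_self_signed() {  # $1 = certificate
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    issr=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    [ -n "$subj" ] && [ "$subj" = "$issr" ]
}

# Run every check; print the first failure, or the fingerprint on success.
check_replacement() {  # $1 = certificate, $2 = private key, $3 = minimum days left
    openssl x509 -in "$1" -noout 2>/dev/null ||
        { echo "FAIL: cannot parse certificate"; return 1; }
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: private key does not match certificate"; return 1; }
    if is_self_signed "$1"; then
        echo "FAIL: certificate is self-signed"; return 1
    fi
    openssl x509 -in "$1" -noout -checkend $(( $3 * 86400 )) >/dev/null 2>&1 ||
        { echo "FAIL: certificate expires within $3 days"; return 1; }
    echo "OK: $(openssl x509 -in "$1" -noout -fingerprint -sha256)"
}

# Constructed sample: a throwaway self-signed pair, so the check fails as intended.
tmp=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=vtm.example.test" -days 30 \
    -keyout "$tmp/new.key" -out "$tmp/new.pem" 2>/dev/null
check_replacement "$tmp/new.pem" "$tmp/new.key" 30 || echo "do not install this pair"
rm -rf "$tmp"
```

Run it against the new files before copying them over control.public and control.private, and keep a backup of the originals so the change can be reverted.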