Problem
Security scanners may report an SSL Certificate-related vulnerability against Catchpoint node installations on Linux systems.
Symptoms
The following certificate would show up nearing expiration on December 08, 2021
Certificate CN=\*.cpnode.net, OU=Domain_Control_Validated
Solution
Upgrade to the latest Catchpoint node version (1.12.6+) which will remove the nginx certificate and the service listening on port 443.
Temporary work-around without upgrading
/sbin/iptables -A INPUT -p tcp --destination-port 443 -j DROP -i <interface>/sbin/service iptables save- To remove the certificate:
certmgr -del -c -v -m Trust 45600b2e9f6e75b0f9f36d4c8a4dad604600f57dsudo rm /etc/pki/ca-trust/source/anchors/catchpoint.crtsudo update-ca-trust
More Information
This certificate was part of a legacy feature that was used in the portal but is now deprecated.