How do i assign a custom signed cert to this port being used by commvault and sql? Nessus vuln scanner is scanning port 51984 and showing a unsecure self signed certificate.
Userlevel 7
+21
- Vaulter
- 1010 replies
-
5 April 2023
Hi
That is an ephemeral port (dynamically assigned) probably from cvd.exe - these types of ports use the Built-in Commvault CA to manage authentication between clients. You cannot provide a custom certificate - clients expect certs from the Commvault CA.
If you want to know exactly what service is running that port you can take a look at this reg key on the server: KEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\Instance001\Runtime
That lists each service and in the data column the port number associated. Commvault will try reuse the same port on restart but it will change if the OS gave it to another process.
But long story short, this shouldn't be a security risk.
Relevant documentation: https://documentation.commvault.com/2022e/expert/7512_client_certificates.html
Reply
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.