port 51984 using self signed cert

  • 30 March 2023
  • 1 reply

Badge +3

How do i assign a custom signed cert to this port being used by commvault and sql?  Nessus vuln scanner is scanning port 51984 and showing a unsecure self signed certificate.

1 reply

Userlevel 7
Badge +21

Hi @Ricky,

That is an ephemeral port (dynamically assigned) probably from cvd.exe - these types of ports use the Built-in Commvault CA to manage authentication between clients. You cannot provide a custom certificate - clients expect certs from the Commvault CA.

If you want to know exactly what service is running that port you can take a look at this reg key on the server: KEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\Instance001\Runtime

That lists each service and in the data column the port number associated. Commvault will try reuse the same port on restart but it will change if the OS gave it to another process.

But long story short, this shouldn't be a security risk.

Relevant documentation: