jhuenema
10 years ago | Level 3
Dedupe Server - necessity and SSL
Hi, all;
Our company's information security organization is examining security vulnerabilities across the enterprise and has flagged two particular lines for DLO:
- SSLv3 enabled on Dedupe Server (I have already remediated via http://www.symantec.com/business/support/index?page=content&id=TECH228467)
- Self-signed cert / not signed by well-known root CA on Dedupe server
I've opened a formal support case to see if we were able to replace the self-signed cert for Tomcat (Mindtree StoreSmart Dedupe Server), and was told "you can try it, but you lose support for the product." My security organization wants to know:
- Is this definitely the case, that it's an unsupported configuration to replace the default self-signed cert with one from our certificate authority?
- Since we don't use the dedupe feature at all, can we disable the service and not keep it active? All of our profiles and storage locations do not have dedupe enabled.
To be compliant with our security requirements, we would really like to be able to at least replace the cert, if not turn the service off.