05-15-2020 05:29 AM
A recent security scan showed a self-signed certificate generated by backup exec. This certficate is signed using SHA-1 which is considered weak.
Is there a way to get Backup Exec to create a new certificate using SHA256?
This is the certificte in question, port 60030
|-Subject : CN=SSL_Self_Signed_Fallback
|-Signature Algorithm : SHA-1 With RSA Encryption
05-16-2020 06:07 PM
Which process? dont think BE will use such high port or u changed?
05-19-2020 12:26 PM
Yep, it's not backup exec it's the SQL server backup exec uses.
I'm assuming when backup exec is installed the certificate for SQL is created. Not sure how to update it so it uses stronger encryption/cipher. Right now it's using SHA-1 but needs to use SHA-256.
05-20-2020 08:39 PM
Backup Exec installation will install SQL server a database.
During the SQL Server installation, it will generate a self-signed certificate.
You can use SQL Configuration Manager to replace a new SSL Certificate.