ESXi Certificate issues
- Amanda McGown
- Chris Boldiston
Product Name
CIS-CAT Pro Assessor
Product Version
v4.0.24+
Date
Dec 28, 2020
Problem
Even after reviewing this Knowledge Base article on assessing an ESXi Benchmark , CIS-CAT Pro Assessor v4 cannot connect to your ESXi host.
Solution
Review the ‘assessor-cli.log’ which was produced after following these steps for CIS-CAT Pro Assessor v4: https://cisecurity.atlassian.net/wiki/spaces/STPS/pages/728727902
Search for errors such as these VIServer errors:
14/10/2020 16:28:40.466 INFO org.cisecurity.powershell.impl.LocalPowershell - Response: Connect-VIServer :
10/14/2020 4:28:39 PM Connect-VIServer Error: Invalid server certificate.or these again regarding VI errors
+ CategoryInfo : ObjectNotFound: (:) [Connect-VIServer], ViServerConnectionException
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_NameResolutionFailure,VMware.VimAutomation.Vi
Core.Cmdlets.Commands.ConnectVIServer
or these, server certificate is not configured properly errors
20/10/2020 19:43:10.507 INFO org.cisecurity.powershell.impl.LocalPowershell - Response:
Connect-VIServer :
2020-10-20 19:43:09 Connect-VIServer An error occurred while making the HTTP request to
https://192.168.101.46/sdk. This could be due to the fact that the server certificate is not configured properly with
HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the
server. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you'd like to connect once or to add a permanent exception for this server.
Remediation: The certificate must be ignored for the assessment to execute. In Powershell, execute the following command:
Setting this option to “Ignore” should be reviewed against organizational policies.