Details

Remotely accessing vCenter via the rhttpproxy involves sensitive information going over the wire. To protect the confidentiality and integrity of these communications, the rhttpproxy must be configured to use an encrypted session of HTTPS rather than plain-text HTTP. The SSL configuration block inside the rhttproxy configuration must be present and configured correctly to safely enable TLS.

Solution

Navigate to and open /etc/vmware-rhttpproxy/config.xml.

Locate the first block and set its content to the following:

/etc/vmware-rhttpproxy/ssl/rui.key
/etc/vmware-rhttpproxy/ssl/rui.crt

localhost

Restart the service for changes to take effect.

# vmon-cli –restart rhttpproxy

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

• 800-53|AC-17(1)
• CAT|II
• CCI|CCI-002314
• Rule-ID|SV-240723r679682_rule
• STIG-ID|VCRP-67-000008
• Vuln-ID|V-240723

Source

• Tenable.com/audits