The rhttpproxy must exclusively use the HTTPS protocol for client connections.


Overview

Finding ID: V-240723
Version: VCRP-67-000008
Rule ID: SV-240723r679682_rule
IA Controls:
Severity: Medium
Description
Remotely accessing vCenter via the rhttpproxy involves sensitive information going over the wire. To protect the confidentiality and integrity of these communications, the rhttpproxy must be configured to use encrypted HTTPS sessions rather than plain-text HTTP. The SSL configuration block inside the rhttpproxy configuration must be present and configured correctly to safely enable TLS.
STIG: VMware vSphere 6.7 RhttpProxy Security Technical Implementation Guide
Date: 2022-01-03

Details

Check Text (C-43956r679680_chk)
At the command prompt, execute the following command:

# xmllint --xpath '/config/ssl' /etc/vmware-rhttpproxy/config.xml

Expected result:



/etc/vmware-rhttpproxy/ssl/rui.key

/etc/vmware-rhttpproxy/ssl/rui.crt

localhost


If the output does not match the expected result, this is a finding.
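
A scripted form of the check above, as an added example that is not part of the STIG or of VMware's tooling: it compares the values inside /config/ssl with the expected result. The child element names in the constructed samples are assumptions, because only the values are shown on this page; the comparison covers values and their order, not element names.

```python
import sys
import xml.etree.ElementTree as ET

# Values the check text expects inside /config/ssl, in document order.
EXPECTED_VALUES = [
    "/etc/vmware-rhttpproxy/ssl/rui.key",
    "/etc/vmware-rhttpproxy/ssl/rui.crt",
    "localhost",
]

def ssl_block_values(config_xml):
    """Return the text of each child element of /config/ssl, or None if absent."""
    root = ET.fromstring(config_xml)   # raises ParseError on malformed XML
    if root.tag != "config":
        return None
    ssl = root.find("ssl")             # first <ssl> child, the block the fix text edits
    if ssl is None:
        return None
    # XML comments are dropped by the default parser, so only elements remain.
    return [(child.text or "").strip() for child in ssl]

def is_finding(config_xml):
    """True when the ssl block is missing, unparsable, or differs from the expected values."""
    try:
        return ssl_block_values(config_xml) != EXPECTED_VALUES
    except ET.ParseError:
        return True

# Constructed samples; the child element names are assumptions (see lead-in).
COMPLIANT = """<config>
  <ssl>
    <!-- constructed sample -->
    <privateKey>/etc/vmware-rhttpproxy/ssl/rui.key</privateKey>
    <certificate>/etc/vmware-rhttpproxy/ssl/rui.crt</certificate>
    <vecsServerName>localhost</vecsServerName>
  </ssl>
</config>"""
MISSING_SSL = "<config><proxy/></config>"
WRONG_KEY = COMPLIANT.replace("ssl/rui.key", "ssl/other.key")

if __name__ == "__main__":
    if len(sys.argv) > 1:              # path to a real config.xml
        with open(sys.argv[1], encoding="utf-8") as fh:
            print("FINDING" if is_finding(fh.read()) else "NOT A FINDING")
    else:                              # no argument: run the constructed samples
        for name in ("COMPLIANT", "MISSING_SSL", "WRONG_KEY"):
            print(name, "->", "FINDING" if is_finding(globals()[name]) else "NOT A FINDING")
```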
Fix Text (F-43915r679681_fix)
Navigate to and open /etc/vmware-rhttpproxy/config.xml.

Locate the first <ssl> block and set its content to the following:



/etc/vmware-rhttpproxy/ssl/rui.key

/etc/vmware-rhttpproxy/ssl/rui.crt

localhost


Restart the service for changes to take effect.

# vmon-cli --restart rhttpproxy