More Info:

In Microsoft Azure Key Vault, check that every certificate is generated with at least the minimum key size allowed within your organization, for security and compliance purposes.

Risk Level

Medium

Address

Security

Compliance Standards

CBP

Triage and Remediation

Remediation

To remediate this issue in Azure using Azure Console, follow the steps below:

  1. Log in to the Azure portal (https://portal.azure.com/)

  2. Navigate to the Azure Key Vault where the certificate is stored.

  3. Click on the certificate that needs to be updated.

  4. Click on the “Versions” tab and then click on the latest version of the certificate.

  5. Click on the “Download” button to download the certificate.

  6. Use OpenSSL or any other certificate management tool to update the certificate key size to the recommended key size.

  7. Once the certificate is updated, upload the updated certificate to Azure Key Vault.

  8. Navigate to the Azure Virtual Machine where the certificate is used.

  9. Click on the “Networking” tab and then click on the “Network interface” associated with the virtual machine.

  10. Click on the “IP configurations” tab and then click on the “Public IP address” associated with the virtual machine.

  11. Click on the “Configuration” tab and then click on the “SSL certificates” tab.

  12. Click on the “Add” button and then select the updated certificate from the Azure Key Vault.

  13. Click on the “Save” button to save the changes.

  14. Verify that the updated certificate is now being used by the virtual machine.

By following these steps, you can remediate the certificate key size issue in Azure using Azure Console.
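To find which certificates need this remediation, or to confirm the result afterwards, the key-size check itself can be scripted. The following is an added example, not part of the original page: it audits records shaped like the `policy.keyProperties` section of `az keyvault certificate show` output. The sample certificates, the `name` field, and the minimums (RSA 2048, EC 256) are assumptions; substitute your organization's values.

```python
import json

# Assumed organizational minimums in bits (the page does not state a value).
MIN_BITS = {"RSA": 2048, "EC": 256}
# Key size implied by each Key Vault elliptic-curve name.
CURVE_BITS = {"P-256": 256, "P-256K": 256, "P-384": 384, "P-521": 521}

# Constructed sample: trimmed certificate policies for four hypothetical
# certificates, in the shape of `az keyvault certificate show` output.
SAMPLE = json.loads("""
[
  {"name": "legacy-api", "policy": {"keyProperties":
      {"keyType": "RSA", "keySize": 1024, "curve": null}}},
  {"name": "web-frontend", "policy": {"keyProperties":
      {"keyType": "RSA-HSM", "keySize": 4096, "curve": null}}},
  {"name": "iot-gateway", "policy": {"keyProperties":
      {"keyType": "EC", "keySize": null, "curve": "P-384"}}},
  {"name": "imported-unknown", "policy": {"keyProperties":
      {"keyType": "RSA", "keySize": null, "curve": null}}}
]
""")

def effective_bits(key_props):
    """Return (family, bits); bits is None when it cannot be determined."""
    # RSA-HSM / EC-HSM are held to the same minimum as RSA / EC.
    family = (key_props.get("keyType") or "").split("-")[0]
    bits = key_props.get("keySize")
    if family == "EC" and bits is None:
        # EC policies may record only the curve name.
        bits = CURVE_BITS.get(key_props.get("curve"))
    return family, bits

def audit(certs, minimums=MIN_BITS):
    """Return a list of (name, reason) for certificates that fail the check."""
    findings = []
    for cert in certs:
        props = (cert.get("policy") or {}).get("keyProperties") or {}
        family, bits = effective_bits(props)
        if family not in minimums:
            findings.append((cert["name"], f"unsupported key type {family!r}"))
        elif bits is None:
            # Fail closed: an unknown key size is reported, not assumed safe.
            findings.append((cert["name"], "key size not recorded in policy"))
        elif bits < minimums[family]:
            findings.append((cert["name"], f"{family} {bits} < {minimums[family]}"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"NON-COMPLIANT {name}: {reason}")
```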

Additional Reading: