Remediation Steps

Follow the steps below to remediate this finding on Nginx webserver.

1. Replace the self-signed certificate with a CA-issued certificate.

2. For Let's Encrypt (public-facing sites):

   sudo certbot --nginx -d yourdomain.com

3. Update nginx.conf to reference the new certificate files:

   ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

4. Reload Nginx:

   sudo systemctl reload nginx