Fuel for OpenStack

Self-Signed Certificate and Weak Certificate Chain

Bug #1585144 reported by Adam Heczko
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Invalid
Medium
Fuel Documentation Team
Fuel for OpenStack 9.0
6.1.x
Invalid
Medium
MOS Maintenance
Fuel for OpenStack 6.1-updates
Mitaka
Invalid
Undecided
Unassigned

Bug Description

Asset Impacted:
FUEL Web Application Port 443

Detailed bug description:
The certificate is unable to be trusted. Because of this the server is more susceptible to a man in the middle attack.

Expected results:
Provide guidance how to change Fuel's default TLS certificates.

Oleksiy Molchanov (omolchanov)
Changed in fuel:
assignee: nobody → Fuel Documentation Team (fuel-docs)
status: New → Confirmed
Revision history for this message
Rodion Tikunov (rtikunov) wrote :

It realised in 7.0 within blueprint https://blueprints.launchpad.net/fuel/+spec/ssl-endpoints. There is the discussion in mailing list: http://osdir.com/ml/openstack-dev/2015-08/msg00407.html
It will be too big/dangerous change to backporting it in 6.1.

Revision history for this message
Rodion Tikunov (rtikunov) wrote :

From 7.0 it is possible to change default TLS certificates as described in our documentation [0].

[0] https://docs.mirantis.com/fuel/fuel-master/operations.html#switching-on-ssl-and-secure-access

Adam Heczko (aheczko-mirantis)
tags: added: security-aic
Revision history for this message
Adam Heczko (aheczko-mirantis) wrote :

This is about MITM associated to self signed certs. IMO appropriate solution is to provide guidance how to change Fuel certificates with trusted ones (signed off by trusted CA). AFAIK documentation covering this is available.

Changed in fuel:
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.