myip.bitnami.com TLS misconfiguration
Platform
AWS
bndiagnostic ID
not applicable
Error output from curl
output fragment from curl -sv https://myip.bitnami.com/:
* Server certificate:
* subject: CN=bitnami.com
* start date: Jun 24 01:44:52 2024 GMT
* expire date: Sep 22 01:44:51 2024 GMT
* subjectAltName does not match myip.bitnami.com
* SSL: no alternative certificate subject name matches target host name 'myip.bitnami.com'
bndiagnostic was not useful. Could you please tell us why?
Network issue is with myip.bitnami.com itself
Describe your issue as much as you can
The certificate associated with myip.bitnami.com only covers bitnami.com. It should also have SANs that cover myip.bitnami.com and any other variations such as myip2.bitnami.com.
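An added example, not part of the original issue and not Bitnami's code: a simplified DNS-name matcher following the usual TLS rule (exact match, or a wildcard as the whole left-most label), showing why a certificate that only lists bitnami.com fails for myip.bitnami.com and which SAN sets would cover the names mentioned above. The SAN lists are constructed; `OBSERVED` is assumed from the reporter's description, and the function names are hypothetical.

```python
# Added illustration: DNS-name matching as TLS clients commonly apply it.
# Handles dNSName entries only (no IP-address SANs, no CN fallback).

def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Return True if one dNSName SAN entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if p[0] == "*":
        # Accept a wildcard only as the complete left-most label, and only
        # when at least two literal labels follow it (rejects "*.com").
        if len(p) < 3 or any("*" in label for label in p[1:]):
            return False
        return h[0] != "" and p[1:] == h[1:]
    if any("*" in label for label in p):
        return False  # partial wildcards such as "my*.example" are rejected
    return p == h

def cert_covers(sans, hostname):
    """True if any SAN entry in the certificate covers hostname."""
    return any(san_matches(s, hostname) for s in sans)

def uncovered(sans, hostnames):
    """Hostnames a client would reject for this SAN list."""
    return [h for h in hostnames if not cert_covers(sans, h)]

# Constructed SAN lists (not read from a real certificate).
OBSERVED = ["bitnami.com"]  # assumption: what the reporter describes
EXPLICIT = ["bitnami.com", "myip.bitnami.com", "myip2.bitnami.com"]
WILDCARD = ["bitnami.com", "*.bitnami.com"]
HOSTS = ["bitnami.com", "myip.bitnami.com", "myip2.bitnami.com"]

if __name__ == "__main__":
    for label, sans in (("observed", OBSERVED),
                        ("explicit SANs", EXPLICIT),
                        ("wildcard SAN", WILDCARD)):
        print(f"{label}: uncovered = {uncovered(sans, HOSTS)}")
```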
Hi @paxan,
Thanks for using Bitnami. It is true that myip.bitnami.com is not covered by any SSL certificate, but it works that way on purpose. Can you give us more information on what you are trying to achieve? If your question or use case is related to your other ticket #1606, please let's move the conversation there.
Just noticed this by accident. If a public server endpoint responds to the TLS protocol, isn't this just the default expectation that it should offer a valid cert? Automation uses this endpoint to obtain an IP address to be used in config scripts. A valid cert prevents various MITM-like attacks.
Hi @paxan,
Thanks for the information. As mentioned in the other ticket, I will check it with the rest of the team. We will keep you posted.