myip.bitnami.com TLS misconfiguration #1607

Open
paxan opened this issue Jul 29, 2024 · 3 comments
@paxan

paxan commented Jul 29, 2024

Platform

AWS

bndiagnostic ID

not applicable

Error output from curl

output fragment from curl -sv https://myip.bitnami.com/:

* Server certificate:
*  subject: CN=bitnami.com
*  start date: Jun 24 01:44:52 2024 GMT
*  expire date: Sep 22 01:44:51 2024 GMT
*  subjectAltName does not match myip.bitnami.com
* SSL: no alternative certificate subject name matches target host name 'myip.bitnami.com'

bndiagnostic was not useful. Could you please tell us why?

Network issue is with myip.bitnami.com itself

Describe your issue as much as you can

The certificate associated with myip.bitnami.com only covers bitnami.com. It should also have SANs that cover myip.bitnami.com and any other variations such as myip2.bitnami.com.

@paxan paxan added the tech-issues The user has a technical issue about an application label Jul 29, 2024
@github-actions github-actions bot added the triage Triage is needed label Jul 29, 2024
@gongomgra
Collaborator

Hi @paxan,

Thanks for using Bitnami. It is true that myip.bitnami.com is not covered by any SSL certificate, but it works that way on purpose. Can you give us more information on what you are trying to achieve? If your question or use case is related to your other ticket #1606, please let's move the conversation there.

@paxan
Author

paxan commented Jul 30, 2024

Just noticed this by accident. If a public server endpoint responds to the TLS protocol, isn't it just the default expectation that it should offer a valid cert? Automation uses this endpoint to obtain an IP address to be used in config scripts. A valid cert prevents various MITM-like attacks.

@gongomgra
Collaborator

Hi @paxan,

Thanks for the information. As mentioned in the other ticket, I will check it with the rest of the team. We will keep you posted.

@gongomgra gongomgra added on-hold Issues or Pull Requests with this label will never be considered stale and removed triage Triage is needed labels Aug 2, 2024
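
The hostname check that curl reports failing in this issue, reproduced offline as an added example (not part of the original thread and not Bitnami's code). The SAN lists are constructed assumptions: one models the certificate as the issue describes it, the other a hypothetical certificate with a wildcard entry.

```python
import ipaddress

# Constructed SAN lists (assumptions, not read from the live server).
SANS_AS_REPORTED = ["bitnami.com"]                # what the issue describes
SANS_PROPOSED = ["bitnami.com", "*.bitnami.com"]  # one way to cover myip/myip2


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName against a hostname, RFC 6125 style."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Wildcard stands for exactly one left-most label, and only above
        # a two-label suffix, so "*.com" can never match.
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards such as "my*.bitnami.com" are compared literally,
    # which means they never match a real hostname.
    return p == h


def cert_covers(hostname: str, san_dns_names: list[str]) -> bool:
    """True if any dNSName SAN entry covers the hostname."""
    try:
        ipaddress.ip_address(hostname)
        return False  # IP literals need iPAddress SANs, not dNSName ones
    except ValueError:
        pass
    return any(dns_name_matches(s, hostname) for s in san_dns_names)


def audit(hostnames, san_dns_names):
    """Map each hostname to whether the certificate covers it."""
    return {h: cert_covers(h, san_dns_names) for h in hostnames}


if __name__ == "__main__":
    hosts = ["bitnami.com", "myip.bitnami.com", "myip2.bitnami.com"]
    for label, sans in (("reported", SANS_AS_REPORTED),
                        ("proposed", SANS_PROPOSED)):
        print(label, audit(hosts, sans))
```

A wildcard entry covers only one label, so a name such as `a.myip.bitnami.com` would still fail verification under the hypothetical certificate.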
2 participants