Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-20164

Extend validity on self-signed certificate for Bamboo's JMS Broker when automatic SSL management is enabled.

    • Icon: Suggestion Suggestion
    • Resolution: Fixed
    • 6.8.0
    • Agents, Network
    • None
    • 0
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      Self signed certificate on Bamboo's JMS SSL listener expires after 90 days which can flag security scans.

      Suggested Solution

      • Extend the validity date of the self signed certificate that the broker uses.

      Workaround

      None

            [BAM-20164] Extend validity on self-signed certificate for Bamboo's JMS Broker when automatic SSL management is enabled.

            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3019359 ] New: JAC Suggestion Workflow 3 [ 3606642 ]
            Status Original: RESOLVED [ 5 ] New: Closed [ 6 ]
            Jeremy Owen made changes -
            Link New: This issue was split into BAM-20420 [ BAM-20420 ]
            Jeremy Owen made changes -
            Fix Version/s New: 6.8.0 [ 81602 ]
            Resolution New: Fixed [ 1 ]
            Status Original: Gathering Interest [ 11772 ] New: Resolved [ 5 ]
            Jeremy Owen made changes -
            Assignee New: Przemek Bruski [ pbruski ]
            Jeremy Owen made changes -
            Description Original: h3. Problem Definition
            If Bamboo's JMS broker is configured for TCP, Bamboo will start an additional SSL listener on port (primary broker port + 1). It would be great to have a way to disable this behavior when an additional SSL connector isn't needed. The self signed certificate on the SSL listener also expires after 90 days which can flag security scans.

            h3. Suggested Solution
            * System property to disable the additional SSL listener.
            * Extend the validity date of the self signed certificate that the broker uses.
             
            h3. Workaround
            Convert the primary broker to SSL instead of TCP and Bamboo will only start one listener:
            * [Securing your remote agents|https://confluence.atlassian.com/bamboo/securing-your-remote-agents-289277197.html]
            New: h3. Problem Definition
            Self signed certificate on Bamboo's JMS SSL listener expires after 90 days which can flag security scans.

            h3. Suggested Solution
            * Extend the validity date of the self signed certificate that the broker uses.
             
            h3. Workaround
            None
            Jeremy Owen made changes -
            Summary Original: Provide a way to disable the additional JMS SSL listener Bamboo automatically launches and extend validity on self-signed certificate New: Extend validity on self-signed certificate for Bamboo's JMS Broker when automatic SSL management is enabled.
            Krystian Brazulewicz made changes -
            UIS New: 0
            Alexey Chystoprudov made changes -
            Component/s New: Agents [ 12491 ]
            Component/s New: Network [ 34390 ]
            Jeremy Owen made changes -
            Summary Original: Provide a way to disable the additional JMS SSL listener Bamboo automatically launches and extend expiry on self-signed certificate New: Provide a way to disable the additional JMS SSL listener Bamboo automatically launches and extend validity on self-signed certificate
            Jeremy Owen made changes -
            Summary Original: Provide a way to disable the additional JMS SSL listener Bamboo automatically launches New: Provide a way to disable the additional JMS SSL listener Bamboo automatically launches and extend expiry on self-signed certificate

              pbruski Przemek Bruski
              jowen@atlassian.com Jeremy Owen
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: