Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-25755

Ability to provide own certificate for gRPC channel in Bamboo datacenter

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Unresolved
    • None
    • Network
    • None

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      Currently Bamboo Datacenter uses a self signed certificate for the ssl gRPC communication between nodes within the cluster. Bamboo will listen on the node.internal.communication.port port [9090] for the gRPC traffic. This leads some security scanners to complain that this is insecure as the issuer is not a known CA.

      The following certificate was at the top of the certificate
      chain sent by the remote host, but it is signed by an unknown
      certificate authority :

      |-Subject : CN=Local node
      |-Issuer : CN=Bamboo GRPC Root CA

      Affected Port:
      9090/tcp

      If the certificate does not exist then Bamboo will recreate a self-signed certificate when a cluster node is started.

      This request is to allow the Bamboo admin to provide their own certificate with CA of their choice rather than a self signed certificate.

      Attachments

        Activity

          People

            Unassigned Unassigned
            cberry@atlassian.com Chris Berry
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: