High Issue Summary
Custom Certificate for gRPC internal node communication not getting picked up.
Note: Feature was added in 10.2.1: see BAM-25755
Update from Customer: (Raised the priority as a result)
This has to be prioritized else our team have to go through security exception process which we highly avoid that route if this is not going to fix by May 2025. Please keep this open and will work with TAM to push/expedited.
Steps to Reproduce
- Configured a Bamboo Clustered on version 10.2.3
- Configured custom certificate for both nodes
- The tests were run just using plain text.
- Add parameters on <bamboo-install>/bin/setenv.sh for both nodes
JVM_SUPPORT_RECOMMENDED_ARGS="${JVM_SUPPORT_RECOMMENDED_ARGS} -Dbamboo.grpc.authentication.root.ca.filename=/mnt/efs/ssl/custom_cert.pem" JVM_SUPPORT_RECOMMENDED_ARGS="${JVM_SUPPORT_RECOMMENDED_ARGS} -Dbamboo.grpc.authentication.root.ca.key.passphrase='admin'" JVM_SUPPORT_RECOMMENDED_ARGS="${JVM_SUPPORT_RECOMMENDED_ARGS} -Dbamboo.grpc.authentication.root.ca.cipher='ECDHE-RSA-AES256-GCM-SHA384'"
- Openssl command to validate while Bamboo is up
openssl s_client -connect localhost:9090 -showcerts
- Info from application.xml (support zip) showing the parameters are being picked up
<bamboo.grpc.authentication.root.ca.key.passphrase>admin</bamboo.grpc.authentication.root.ca.key.passphrase> <bamboo.grpc.authentication.root.ca.filename>/mnt/efs/ssl/custom_cert.pem</bamboo.grpc.authentication.root.ca.filename> <bamboo.grpc.authentication.root.ca.cipher>ECDHE-RSA-AES256-GCM-SHA384</bamboo.grpc.authentication.root.ca.cipher>
Expected Results
Server certificate subject=CN=Custom Cert issuer=CN=Custom Cert --- Acceptable client certificate CA names CN=My Custom Cert
Actual Results
Server certificate subject=CN=Local node issuer=CN=Bamboo GRPC Root CA --- Acceptable client certificate CA names CN=Bamboo GRPC Root CA
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
- mentioned in
-
Page Loading...