Uploaded image for project: 'HipChat'
  1. HipChat
  2. HCPUB-815

hipchat certificates selfsign option generates a certificate without the server's correct hostname

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Low
    • None
    • HCS 1.4.1
    • Other
    • None
    • Severity 3 - Minor

    Description

      Problem

      When running the following command to generate a self-signed certificate for HipChat Server, the resulting certificate does not include the correct CN that points to the server's hostname.

      Steps to Reproduce

      Verify the HipChat Server's correct hostname by running this command from the server console:

      hostname

      Make sure that the hostname and domain set correctly in Server Admin >> Network tab from the HipChat Server Admin Web UI

      hostname: hipchat
domain: yourcompany.com

      Run the following command to generate a self-signed certificate:

      hipchat certificates --selfsign

      Actual results

      When running 

      hipchat certificates --show

      ...the resulting certificate does not include the server's fully qualified domain name in the CN:

      Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 15575094825854458408 (0xd825da3946145a28)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=SF, O=ATLASSIAN, OU=HIPCHAT, CN=#CN/emailAddress=noreply@example.com
        Validity
            Not Before: May 18 11:28:42 2016 GMT
            Not After : May 16 11:28:42 2026 GMT
        Subject: C=US, ST=CA, L=SF, O=ATLASSIAN, OU=HIPCHAT, CN=#CN/emailAddress=noreply@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption

      Expected results

      The server's hostname should be included in the resulting self-signed certificate.

      Workaround

      Sample

      Please perform the following steps:

      1) Download the following file directly to your HipChat server or, if it does not have internet access, download it to your workstation and scp it over to your HipChat Server:

      default.rb

      2) Log in to your HipChat server and make a backup copy of the default.rb file, for example:

      sudo dont-blame-hipchat

mv /hipchat-scm/chef-repo/cookbooks/hipchat_selfsigned_cert/recipes/default.rb /home/admin/default.rb.bak

      3) Copy the modified default.rb to /hipchat-scm/chef-repo/cookbooks/hipchat_selfsigned_cert/recipes/, for example:

      sudo dont-blame-hipchat

cp /home/admin/default.rb /hipchat-scm/chef-repo/cookbooks/hipchat_selfsigned_cert/recipes/

      4) Regenerate your self-signed certificate

      hipchat certificates -f

      5) Verify that you now have the correct hostname in the CN of your certificate

      hipchat certificates -w

      To roll back the fix, simply copy the backup default.rb file to its original place.

      Attachments

        Issue Links

          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

          Activity

            People

              rberrelleza Ramiro Berrelleza (Inactive)
              kbaxley Kent Baxley
              Archiver:
              mandreacchio Michael Andreacchio

              Dates

                Created:
                Updated:
                Resolved:
                Archived: