Details
-
Bug
-
Resolution: Fixed
-
Low
-
None
-
HCS 1.4.1
-
None
-
Severity 3 - Minor
Description
Problem
When running the following command to generate a self-signed certificate for HipChat Server, the resulting certificate does not include the correct CN that points to the server's hostname.
Steps to Reproduce
Verify the HipChat Server's correct hostname by running this command from the server console:
hostname
Make sure that the hostname and domain set correctly in Server Admin >> Network tab from the HipChat Server Admin Web UI
hostname: hipchat domain: yourcompany.com
Run the following command to generate a self-signed certificate:
hipchat certificates --selfsign
Actual results
When running
hipchat certificates --show
...the resulting certificate does not include the server's fully qualified domain name in the CN:
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 15575094825854458408 (0xd825da3946145a28)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=SF, O=ATLASSIAN, OU=HIPCHAT, CN=#CN/emailAddress=noreply@example.com
Validity
Not Before: May 18 11:28:42 2016 GMT
Not After : May 16 11:28:42 2026 GMT
Subject: C=US, ST=CA, L=SF, O=ATLASSIAN, OU=HIPCHAT, CN=#CN/emailAddress=noreply@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Expected results
The server's hostname should be included in the resulting self-signed certificate.
Workaround
Please perform the following steps:
1) Download the following file directly to your HipChat server or, if it does not have internet access, download it to your workstation and scp it over to your HipChat Server:
2) Log in to your HipChat server and make a backup copy of the default.rb file, for example:
sudo dont-blame-hipchat mv /hipchat-scm/chef-repo/cookbooks/hipchat_selfsigned_cert/recipes/default.rb /home/admin/default.rb.bak
3) Copy the modified default.rb to /hipchat-scm/chef-repo/cookbooks/hipchat_selfsigned_cert/recipes/, for example:
sudo dont-blame-hipchat
cp /home/admin/default.rb /hipchat-scm/chef-repo/cookbooks/hipchat_selfsigned_cert/recipes/
4) Regenerate your self-signed certificate
hipchat certificates -f
5) Verify that you now have the correct hostname in the CN of your certificate
hipchat certificates -w
To roll back the fix, simply copy the backup default.rb file to its original place.