Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it. We invite you to submit your ideas using the form below. Please be sure to include the problem for which you are solving and the benefits of implementing the idea.

We do our best to implement as many Ideas as we can. Our Product team will evaluate all submitted ideas in a timely manner and will disposition each into one of the following categories: will integrate into the product roadmap, further research is needed, unlikely to implement.

Thanks for collaborating with us!

Allow for internal certificates to be replaced

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Plugin Output:

The following certificate was found at the top of the certificate

chain sent by the remote host, but is self-signed and was not

found in the list of known certificate authorities:

|-Subject: CN=Chef Automate 6e0f2607-7ac9-45a9-9c2a-008a794ff08e

For these specific findings there are two service ports that Chef Automate has open which uses X.509 certificates to support encryption between two of their internal only (non-user) services running on ports 10125 and 10143.

From Chef Support:

Chef Automate uses its own self signed certificate on these ports to ensure that the encryption is properly setup out of the box without user intervention, especially since this is only used between internal services of the automate backend.

From Our Security Team:

Security will not accept packages with certs not replaced, period. We will need to maintain pressure on the vendor to allow this to be user replaceable. In addition, since issue was observed by the assessment, the certificate is being presented outside server.

  • Guest
  • Aug 3 2021
  • Out of Scope
  • Attach files
  • Ankur Mundhra commented
    9 Aug, 2021 01:17pm

    Thanks for bringing this to our notice, Edward. May I know more subjective concerns from your security team. From our end, our focus for this year is on security fixes. Workflows to improve it like this one, at best can be explore in the next year. I encourage more participation on this to help mature the ask here. Marking it out of scope for this year.

  • Guest commented
    6 Aug, 2021 03:43pm

    Lots of customers want to generate certs signed by their own or a global authority and replace the internal, self-signed certs for Automate system services.

    This feature should check and reject invalid certs that will end up destroying the system.
    It should inspect and refuse to insert them, before they make it into the system and break internal communications.

  • +1