Classification: FMOS
Category: X.509 certificate usage or issue
Severity: Warning
Summary
The supplied certificate is self-signed. This will prevent clients and subordinate servers from communicating with this machine.
Description
This warning is issued by fmos pki import-server-cert when the supplied server certificate is self-signed. Self-signed certificates are inherently untrusted and clients will not be able to connect to servers that use them without additional configuration.
Impact
By default, the FMOS ecosystem setup process will automatically configure new member machines that use this machine as their superior to trust the self-signed certificate. If there are already machines in the ecosystem that use this machine as their superior, however, when a new self-signed certificate is imported, they will no longer be able to communicate with this machine.
Some self-signed certificates do not include the appropriate information to allow FMOS to trust them. These certificates cannot be used in a multi-server ecosystem if this machine has subordinate servers.
Cause
The only cause for this warning is to attempt to import a self-signed certificate using fmos pki import-server-cert.
Resolution
Importing a self-signed certificate will always trigger this warning. To suppress the warning, the server certificate needs to be replaced with one signed by a trusted certificate authority.
Comments
0 comments
Article is closed for comments.