Classification: FMOS
Category: X.509 certificate usage or issue
Severity: Warning
Summary
The supplied certificate is self-signed.
Description
This warning is issued by fmos pki import-cpl-cert when the supplied control panel certificate is self-signed. Self-signed certificates are inherently untrusted and clients will not be able to connect to servers that use them without additional configuration.
Impact
When the Server Control Panel HTTPS service uses a self-signed certificate, clients may present users with security warnings or refuse to communicate with the service. In particular, if the server certificate is trusted but the control panel certificate is self-signed, HTTP Strict Transport Security policy may cause browsers to fail to load the Server Control Panel Web User Interface.
The fmos ecosystem join command communicates with the Server Control Panel service over HTTPS. If the control panel certificate is self-signed, it will present a warning to the user and prompt for manual verification of the certificate fingerprint. Using a certificate signed by a trusted certificate authority will suppress this warning.
Cause
The only cause for this warning is to attempt to import a self-signed certificate using fmos pki import-cpl-cert.
Resolution
Importing a self-signed certificate will always trigger this warning. To suppress the warning, the control panel certificate needs to be replaced with one signed by a trusted certificate authority.
Comments
0 comments
Article is closed for comments.