BMCWeb policy for HTTPS site identity certificate
Joseph Reynolds
jrey at linux.ibm.com
Fri Jul 24 01:25:40 AEST 2020
This is a followup to the OpenBMC security working group meeting
discussion on 2020-07-22
(https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI).
Background:
Per [BMCWeb configuration
policy](https://github.com/openbmc/bmcweb#configuration), BMCWeb
generates a new HTTPS site identity certificate if a usable one cannot
be found. You can upload one via APIs described here:
https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/xyz/openbmc_project/Certs/README.md#redfish-certificate-support
Problem:
BMCWeb apparently treats certificates that are either expired or not
valid until a future date as unusable (investigation needed). And
BMCWeb deletes unusable certificates. This can confuse the
administrator, especially considering the BMC's time-of-day clock may
not be set as expected.
Proposal:
What certificate management policy should BMCWeb use? Here is an
initial proposal:
1. certificate is perfectly good - Use the certificate.
2. certificate is good but expired or not yet valid - Use the
certificate and log a warning.
3. certificate is missing or bad format or algorithm too old - Use
another certificate or self-generate a certificate (and log that action).
In no case should BMCWeb delete any certificate.
Discussion?
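
The three-case policy proposed above, sketched as an added example; this is not code from the original message or from BMCWeb. It assumes the certificates were already parsed into a hypothetical `CertInfo` struct, and the preference order among several candidates (good, then time-invalid, then self-generate) is an assumption, as are all names and sample values.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical view of a stored certificate; parsing is assumed done elsewhere.
struct CertInfo {
    std::string path;
    bool parsed;             // false: missing or bad format
    bool algorithmOk;        // false: algorithm too old
    std::int64_t notBefore;  // validity window, seconds since the epoch
    std::int64_t notAfter;
};
enum class Verdict { Good, TimeInvalid, Unusable };
struct Decision {
    int chosen;                    // index into candidates, -1 = self-generate
    std::vector<std::string> log;  // actions the proposal says to log
};

Verdict classify(const CertInfo& c, std::int64_t now) {
    if (!c.parsed || !c.algorithmOk) return Verdict::Unusable;               // case 3
    if (now < c.notBefore || now > c.notAfter) return Verdict::TimeInvalid;  // case 2
    return Verdict::Good;                                                    // case 1
}

// Prefers a good certificate, then a time-invalid one, then self-generation.
// Rejected files are only logged and skipped, never deleted.
Decision selectCertificate(const std::vector<CertInfo>& certs, std::int64_t now) {
    Decision d{-1, {}};
    int fallback = -1;
    for (int i = 0; i < static_cast<int>(certs.size()); ++i) {
        Verdict v = classify(certs[i], now);
        if (v == Verdict::Good) { d.chosen = i; return d; }
        if (v == Verdict::TimeInvalid) { if (fallback < 0) fallback = i; continue; }
        d.log.push_back("skipped unusable certificate, left in place: " + certs[i].path);
    }
    d.chosen = fallback;
    d.log.push_back(fallback >= 0
        ? "warning: serving certificate outside its validity period: " + certs[fallback].path
        : std::string("no usable certificate, self-generating one"));
    return d;
}

int main() {
    // Constructed sample: one unparsable file, one certificate valid 2020-2030.
    std::vector<CertInfo> certs = {{"/constructed/broken.pem", false, true, 0, 0},
                                   {"/constructed/server.pem", true, true, 1577836800, 1893456000}};
    // now = 0 models a BMC whose time-of-day clock was never set.
    for (const auto& line : selectCertificate(certs, 0).log) std::cout << line << "\n";
}
```

With the clock at 0 the uploaded certificate is classified as not yet valid, so it is served with a warning and stays on disk.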