Support SSL for web services
Bug #520270 reported by
Robert Collins
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Eucalyptus |
Invalid
|
Undecided
|
chris grzegorczyk | ||
eucalyptus (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Lucid |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
The 8443 admin web page has an SSL certificate, but there doesn't seem to be a SSL web services port (or if it is in fact 8443, then that isn't documented).
While you can't replay or forge requests made over port 80 | 8773, you can sniff and observe them, and some organisations and software refuse to do non-SSL web service requests. Landscape, for instance, requires users of UEC to setup a tunnel so that it is not making cleartext requests.
We should ship SSL by default, with a just-in-time self signed cert, and clear instructions for upgrading to a publically issued certificate.
To post a comment you must log in.
Eucalyptus' web services (on port 8773) support SSL connections since r1074.1.2 in the 1.6.2 series. You can simply change the URLs in eucarc to use "https://" and the server will detect and negotiate an SSL session.
cheers.
chris