Idea ID: 1794064

CA signed secure connection between the UD Agent and the probe

Status : Under Consideration
over 2 years ago

As a security enforcement, the communication between the UD Agent and the UCMDB probe should use CA signed certificates and not self-signed certificates.

  • Hello,

    The cybersecurity team at my organization has identified this as a security vulnerability. Is it possible to have this appended to the next release? We currently have an open request to get this resolved as a hot fix (SD02904436).  Has there been any traction on this request in the past few months?

  • One of my customer also raised this question.

    And they are also very concerned for this issue because the self-signed certificate does not comply with their security policies.

    Please make this feaure officially supported!

    Thanks,

    Bing

  • Hi Jeremiah,

    if I remember right it worked with 2018.x and I wouldn't expect a change in this area.
    So give it a try.

    Best regards,
      Michael

  •  We're running 2019.05 but I still have the hardening guide from 10.30 with the instructions securing the probe to UDA using a CA-signed certificate. Do you happen to know if the process will work on the later version of uCMDB?

    I did see a note in the instructions that it pertained specifically to OpenSSL version 0.9.8.

    Thanks,

    Jeremiah

  • Hi,

    Up-to UCMDB 10.32 it was described in the docs how to “Enable Secure Communication between UD agents and Data Flow Probes using CA-signed Certificates”. In newer documentation this section was skipped.

    One of my customers were able to enable this feature in UCMDB 10.33 with the described procedure.

    Best regards,
      Michael