Error with security scanner `SSL Certificate with Wrong Hostname` for pcsd

Solution In Progress - Updated -

Issue

After the pcs RPM is installed, the certificate generated on each node of the cluster has that node's hostname as its CN.

Node A: (Active Manager)
Issuer: C=US, ST=MN, L=Minneapolis, O=pcsd, OU=pcsd, CN=nodeA

Node B: (Standby Manager)
Issuer: C=US, ST=MN, L=Minneapolis, O=pcsd, OU=pcsd, CN=nodeB

However, after `pcs cluster node add <nodename>` is run to add the node to the cluster, the certificate from Node A is synced to Node B, and both nodes in the cluster have the same certificate:

Issuer: C=US, ST=MN, L=Minneapolis, O=pcsd, OU=pcsd, CN=nodeA

Because of this synchronization, the Nessus vulnerability scanner reports a finding (Plugin ID 45411: SSL Certificate with Wrong Hostname). Some users perceive this as a security vulnerability, because the 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine, which may lead to a man-in-the-middle (MITM) attack.
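
The hostname comparison behind this finding can be reproduced offline with openssl. This is an added example, not part of the original article or of pcs: it builds a throwaway self-signed certificate with the CN=nodeA DN shown above and reports which node names it does not cover. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: reproduce the hostname check behind the scanner finding.
# The DN and node names come from the article; the certificate itself is
# constructed here for the demonstration and is not a real pcsd certificate.

# make_demo_cert <cn> <outdir>: write a throwaway self-signed cert.pem with CN=<cn>.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=US/ST=MN/L=Minneapolis/O=pcsd/OU=pcsd/CN=$1" \
        -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null
}

# cert_matches_host <cert.pem> <hostname>: return 0 if the certificate is valid
# for <hostname>. With no subjectAltName present, openssl falls back to the CN.
# -checkhost reports its verdict as text, so the output is parsed.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q "does match certificate"
}

# mismatched_nodes <cert.pem> <node>...: print every node name the certificate
# does not cover, one per line.
mismatched_nodes() {
    cert=$1
    shift
    for node in "$@"; do
        cert_matches_host "$cert" "$node" || printf '%s\n' "$node"
    done
}

# demo: the state after the sync, where both nodes serve Node A's certificate.
demo() {
    dir=$(mktemp -d) || return 1
    make_demo_cert nodeA "$dir" || { rm -rf "$dir"; return 1; }
    mismatched_nodes "$dir/cert.pem" nodeA nodeB
    rm -rf "$dir"
}

demo
```

To check a real cluster, pass `mismatched_nodes` a PEM copy of the certificate that pcsd serves, followed by the cluster's node names.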

Environment

  • Red Hat Enterprise Linux Server 7, 8 (with the High Availability Add On)
