Network Security Focus-Sun

SSL Cert for patchpro.sun.com Invalid?

Subject: SSL Cert for patchpro.sun.com Invalid?
Date: Mon, 04 Jun 2007 17:46:32 -0400

In our IDS logs, I saw some of our servers making some outgoing connections over SSL wrapped HTTP. So, being curious, I decided to see where they were going. The connections were going to patchpro.sun.com, but the SSL certificate being used for this site is signed by Sun's internal certificate authority and the site itself displays the default Apache page. This happens for both the FQDN and the IP address URLs:

https://192.18.108.39/
https://patchpro.sun.com/

Without digging too much deeper, my mind has begun wondering. Do systems with support contracts download patches from this system over SSL wrapped HTTP without a 3rd party validated certificate? Does the update client even attempt to validate the certificate that is being presented to it prior to downloading and installing patches? Perhaps Solaris already has the Sun Microsystems Inc CA (Class B) certificate authority public certificate installed and trusted (https://www.sun.com/pki/ca/smicacert.html). Hmm.... I wonder. Guess I need to build a box and screw around with it. Anyone else have any in-depth knowledge on this matter? Something seems a little weird here. Generally you don't see default Apache pages sitting around on major sites unless some kind of misconfiguration is happening.

Here is a copy (Base64 encoded) of the certificate currently being presented by https://patchpro.sun.com:


--Eoin Miller
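
The distinction the post asks about, as an added example that is not part of the original message: a certificate issued by a private CA fails verification for a client whose trust store lacks that CA, and passes only when the client explicitly trusts the CA and the name it connected to matches. The CA, the host names and the function names are constructed for this lab, and the `openssl` command-line tool (1.1.0 or later) is assumed to be installed.

```shell
#!/usr/bin/env bash
# Constructed lab: every key, certificate and name here is generated locally.
LAB=$(mktemp -d)

make_lab() {
  # Private CA, standing in for a vendor's internal certificate authority.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Internal CA" \
    -keyout "$LAB/ca.key" -out "$LAB/ca.pem" 2>/dev/null
  # Server key and signing request for a hypothetical patch server name.
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=patches.example.test" \
    -keyout "$LAB/srv.key" -out "$LAB/srv.csr" 2>/dev/null
  # The private CA signs the server certificate.
  openssl x509 -req -in "$LAB/srv.csr" -days 1 \
    -CA "$LAB/ca.pem" -CAkey "$LAB/ca.key" -CAcreateserial \
    -out "$LAB/srv.pem" 2>/dev/null
}

# A client with no trust anchor for the private CA (empty trust store).
verify_untrusted() {
  openssl verify -no-CAfile -no-CApath "$LAB/srv.pem" >/dev/null 2>&1
}

# A client that ships the private CA as a trust anchor and also checks
# that the certificate matches the host name it connected to ($1).
verify_trusted() {
  openssl verify -no-CApath -CAfile "$LAB/ca.pem" \
    -verify_hostname "$1" "$LAB/srv.pem" >/dev/null 2>&1
}

report() {
  # Print pass/fail for one check; $1 is a label, the rest is the command.
  label=$1; shift
  if "$@"; then echo "$label: verified"; else echo "$label: REJECTED"; fi
}

make_lab
report "no trust anchor for the CA" verify_untrusted
report "CA trusted, matching name" verify_trusted patches.example.test
report "CA trusted, different name" verify_trusted other.example.test
```

A client that reaches the "verified" result only in the second case is validating both the chain and the name; a client that proceeds in the first or third case is not.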
