turbot/net_insights

Control: Self-signed certificates should not be used

Description

Self-signed certificates are signed with the private key of the same entity they identify, and they cannot be revoked, which makes security compromises difficult to detect. Self-signed certificates are not recommended, since they encourage dangerous public browsing behavior.

Usage

Run the control in your terminal:

powerpipe control run net_insights.control.ssl_certificate_not_self_signed

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run net_insights.control.ssl_certificate_not_self_signed --share

Steampipe Tables

Params

Args | Name | Default | Description | Variable
$1 | domain_names | ["github.com","microsoft.com"] | DNS domain names. |

SQL

select
  common_name as resource,
  case
    when common_name = issuer_name then 'alarm'
    else 'ok'
  end as status,
  case
    when common_name = issuer_name then common_name || ' is self-signed.'
    else common_name || ' is not self-signed.'
  end as reason
from
  net_certificate
where
  domain in (
    select
      jsonb_array_elements_text(to_jsonb($1::text[]))
  )
order by
  common_name;
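
The query above flags a certificate when its common name equals its issuer name. The following Go program is an added example, not part of the net_insights mod, that places that name comparison next to a stricter check: full subject and issuer distinguished names match and the signature verifies under the certificate's own public key. It assumes issuer_name holds the issuer's common name; the helper names and the sample certificates, including a leaf that shares its CA's common name, are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// cnMatches mirrors the control's SQL test (assumes issuer_name is the issuer CN).
func cnMatches(c *x509.Certificate) bool {
	return c.Subject.CommonName == c.Issuer.CommonName
}

// isSelfSigned: subject and issuer DNs are identical and the signature verifies under the cert's own key.
func isSelfSigned(c *x509.Certificate) bool {
	return bytes.Equal(c.RawSubject, c.RawIssuer) &&
		c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}

// issue builds a constructed sample certificate; a nil parent makes it self-signed.
func issue(cn string, org []string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // errors only if the system RNG fails
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: cn, Organization: org},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

func main() {
	self, _ := issue("app.example.test", nil, nil, nil)
	ca, caKey := issue("corp.example.test", []string{"Constructed CA"}, nil, nil)
	leaf, _ := issue("corp.example.test", nil, ca, caKey)
	fmt.Println(cnMatches(self), isSelfSigned(self), cnMatches(leaf), isSelfSigned(leaf))
}
```

The constructed leaf matches on common name yet is signed by a different key, so a row the control puts in alarm can be confirmed with the stricter check before it is treated as self-signed.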