This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JensBauernfeind
Explorer
Tuesday

Infinity Cloud Rest API Container loop

Hi,

Checkpoint R82 JHF Take 60

I had a little load on my management system and noticed one "node" process which seems to restart every second.
After a little research, I found out that this is coming from the "icra" podman container:
[Expert@name:0]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
...
6f7f6fed7a8d docker.io/library/infinity-cloud-rest-api:latest node server/serve... 2 hours ago Up Less than a second ago icra
...

podman logs icra:
8<---

Node.js v22.15.1
node:internal/tls/secure-context:290
context.loadPKCS12(toBuf(pfx), toBuf(passphrase));
^

Error: ee key too small
at configSecureContext (node:internal/tls/secure-context:290:15)
at Object.createSecureContext (node:_tls_common:113:3)
at Server.setSecureContext (node:_tls_wrap:1490:27)
at Server (node:_tls_wrap:1354:8)
at new Server (node:https:80:3)
at Object.createServer (node:https:135:10)
at 6997 (/usr/src/app/server/server.js:1:85855)
at e (/usr/src/app/server/server.js:1:96194)
at /usr/src/app/server/server.js:1:96234
at Object.<anonymous> (/usr/src/app/server/server.js:1:96242)

Node.js v22.15.1
node:internal/tls/secure-context:290
context.loadPKCS12(toBuf(pfx), toBuf(passphrase));
8<---

Looking further, the p12 file the service is using has a Key Size of only 1024.
I assume that the Node.js version does not accept such a small Key Size.

Although I am not using any infinity Services, how can I fix this behaviour (recreating a stronger certificate/p12 file which the node.js process is using?)
For now, I issued "podman stop icra", but this does not survive a reboot.

Best

Jens

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
Wednesday

I assume once a real connection to Infinity Portal occurs, this certificate will get replaced with a stronger one.
This SK suggests it may actually be related to Infinity Identity (though it does connect via Infinity Portal): https://support.checkpoint.com/results/sk/sk183186 

0 Kudos
CaseyB
Advisor
Wednesday

I have an open TAC case on this issue now, I'll let you know when I have a permanent solution. We have also just stopped the docker image for the time being.

Did your CPU spike as crazy as mine from this?

cpu-spike.png

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
Wednesday

I checked my managements (none of which talk to Infinity Cloud) and the instance is running on all of them (mostly R82 jumbo 60, one R82.10 jumbo 6).

Concurring, based on the message, the problem is likely the 1024-bit key. Which file is it?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events