I’m the administrator and I have made any changes to the way it’s set up in the last couple of months. What causes a server key change? Is this a false positive? How can I check?
Hi @VHMC41, welcome to the community forum.
The “server key has changed” message can appear when the server key has actually changed, but also in some rare cases when the server verification fails, or in case of a temporary network failure.
As said in our Security White Paper on page 24: https://help.passbolt.com/assets/files/Security%20White%20Paper%20-%20Passbolt%20Pro%20Edition.pdf
This server identity verification should not be understood as an end to end server authentication, e.g. it does not protect against an attacker performing a man in the middle attack.
However it can help in certain unlikely scenarios such as when a domain name is seized.
If you want to compare the fingerprint displayed in your web browser with the one defined on your Passbolt server, you can check the one defined in the Passbolt configuration file (843D2B185A337858D2EE5C1041E7852AEACC2DD9 in my case):
$ sudo grep fingerprint /etc/passbolt/passbolt.php
'fingerprint' => '843D2B185A337858D2EE5C1041E7852AEACC2DD9',
You can also check the gpg files located in the /etc/passbolt/gpg/ folder:
$ sudo gpg /etc/passbolt/gpg/serverkey.asc
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa2048 2021-09-14 [SC]
      843D2B185A337858D2EE5C1041E7852AEACC2DD9
uid           Passbolt default user <email@example.com>
sub   rsa2048 2021-09-14 [E]
$ sudo gpg /etc/passbolt/gpg/serverkey_private.asc
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa2048 2021-09-14 [SC]
      843D2B185A337858D2EE5C1041E7852AEACC2DD9
uid           Passbolt default user <firstname.lastname@example.org>
sub   rsa2048 2021-09-14 [E]
So if the fingerprint displayed in the browser matches the one defined on the Passbolt server, you can go ahead and continue.
Let me know if you have other questions.
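An added example that is not part of the thread above and not Passbolt's own tooling: a small POSIX shell script that automates the comparison the answer describes. It reads the fingerprint from passbolt.php, optionally asks gpg for the fingerprint of serverkey.asc, and checks both against the value copied from the browser dialog, normalizing spacing and case first. The file paths are the ones named in the answer; the function names and the `gpg --show-keys` invocation (gpg 2.2 or newer) are my assumptions.

```shell
#!/bin/sh
# Added example, not from the forum post: compare the server key fingerprint from three
# places (passbolt.php, the armored key file, the browser dialog) and report any mismatch.

# Strip whitespace and force upper case so "843d 2b18 ..." and "843D2B18..." compare equal.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Pull the 40-hex-digit value from the  'fingerprint' => '...'  line of passbolt.php.
config_fpr() {
  sed -n "s/.*'fingerprint' *=> *'\([0-9A-Fa-f]\{40\}\)'.*/\1/p" "$1" | head -n 1
}

# Fingerprint of the primary key in an armored key file, via gpg's machine-readable output
# (assumes gpg >= 2.2; the "fpr" record carries the fingerprint in field 10).
keyfile_fpr() {
  gpg --batch --with-colons --show-keys "$1" 2>/dev/null | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Usage: compare_fprs CONFIG_FILE BROWSER_FINGERPRINT [KEY_FILE]
# Prints MATCH and returns 0 when every supplied value equals the config fingerprint,
# prints the first differing value and returns 1 otherwise, returns 2 if the config has none.
compare_fprs() {
  expected=$(normalize_fpr "$(config_fpr "$1")")
  [ -n "$expected" ] || { echo "no fingerprint found in $1" >&2; return 2; }
  browser=$(normalize_fpr "$2")
  if [ "$browser" != "$expected" ]; then
    echo "MISMATCH browser=$browser config=$expected"; return 1
  fi
  if [ -n "$3" ]; then
    keyfile=$(normalize_fpr "$(keyfile_fpr "$3")")
    if [ "$keyfile" != "$expected" ]; then
      echo "MISMATCH keyfile=$keyfile config=$expected"; return 1
    fi
  fi
  echo "MATCH $expected"
}

# When run directly with the browser fingerprint as the only argument, check the live files.
if [ "$#" -ge 1 ]; then
  compare_fprs /etc/passbolt/passbolt.php "$1" /etc/passbolt/gpg/serverkey.asc
fi
```

Run it as `sudo sh check_fpr.sh '843D 2B18 ...'` on the server; a MISMATCH between the config and the key file means the server itself is inconsistent, while a MISMATCH only against the browser value is the case the answer tells you to stop and investigate.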