Closed Bug 758276 Opened 12 years ago Closed 12 years ago

SSL cert for login.anosrep.org & related

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

x86_64
Linux
task
Not set
major

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: petef, Assigned: cturra)

Details

anosrep.org is the staging site for persona ("persona".reverse => "anosrep").

I'm not sure how we should do this cert (one cert w/lots of SANs, or a wildcard + a cert with a few SANs, or what), but the names we need to work with the cert:

* anosrep.org
* www.anosrep.org
* apps.anosrep.org
* login.anosrep.org
* verifier.login.anosrep.org
* static.login.anosrep.org
* proxy.login.anosrep.org
* profile.anosrep.org

Since this is just staging, it does not need to be EV-level.

We should go with one wildcard for staging, that's the standard practice.

Now the issue is a *.anosrep.org isn't the same as a *.*.anosrep.org...so all your quad quads are going to be an issue. We'll have to figure out how to shoehorn that in :)

Domain isn't registered with us, we should get it transferred to us before we do any SSL stuff (else we can't make purchases for the domain). Can you file a bug for that, please and have that block this one?

(In reply to Shyam Mani [:fox2mike] from comment #1)
> We should go with one wildcard for staging, that's the standard practice. 
> 
> Now the issue is a *.anosrep.org isn't the same as a *.*.anosrep.org...so
> all your quad quads are going to be an issue. We'll have to figure out how
> to shoehorn that in :)

Maybe *.anosrep.org and *.login.anosrep.org?

How many alternate names can we have on a *.login.anosrep.org cert?

> Domain isn't registered with us, we should get it transferred to us before
> we do any SSL stuff (else we can't make purchases for the domain). Can you
> file a bug for that, please and have that block this one?

Bug filed, blocking this one.

* = wildcard, you can have any number of domains, no limitations.

(In reply to Shyam Mani [:fox2mike] from comment #3)
> * = wildcard, you can have any number of domains, no limitations.

Right. I mean if we got a cert for *.login.anosrep.org, could we add login.anosrep.org/anosrep.org/apps.anosrep.org/www.anosrep.org as SANs?

We could do this with Digicert I guess. Geotrust will not issue SANs with wildcards IIRC.

Bumping priority on this. anosrep.org is now transferred to us. We're launching the persona.org rebrand in ~3 weeks, and would like to have a staging environment up this week or so, which requires this SSL cert.
Severity: normal → major
Assignee: server-ops → shyam

Anyone from webops can do this.

Need to get the domain added to Geotrust first.
Assignee: shyam → server-ops

So are we getting two certs?

1 for *.anosrep.org and 1 for *.logins.anosrep.org?
Assignee: server-ops → cturra

(In reply to Brandon Burton [:solarce] from comment #8)
> So are we getting two certs?
> 
> 1 for *.anosrep.org and 1 for *.logins.anosrep.org?

s/logins/login/ -- I'm ok with two wildcards, or a single wildcard cert for *.login.anosrep.org with some SANs (login.anosrep.org, apps.anosrep.org, anosrep.org, profile.anosrep.org) -- whatever's easier.
Severity: major → normal

Er. Refixing severity.
Severity: normal → major

Ticket opened with Geotrust to have anosrep.org added to our domain list.

Two wildcard certificates purchased (keys found on ssl1.private.phx1):

1) *.login.anosrep.org

2) *.anosrep.org

Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
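
The wildcard question running through this bug, worked through as an added example (not code from the bug or from any Mozilla tooling): the matcher applies the usual rule that `*` stands for exactly one leftmost label, then reports which of the requested names each name set proposed in the comments would leave uncovered. The `PLANS` labels and the function names are assumptions made for the illustration; the name sets are patterns taken from the comments, not the contents of the issued certificates.

```python
# Added example: which requested hostnames does each proposed name set cover?
REQUIRED = [
    "anosrep.org", "www.anosrep.org", "apps.anosrep.org", "login.anosrep.org",
    "verifier.login.anosrep.org", "static.login.anosrep.org",
    "proxy.login.anosrep.org", "profile.anosrep.org",
]

# Name sets as proposed in the thread (labels are hypothetical).
PLANS = {
    "one wildcard": ["*.anosrep.org"],
    "two wildcards": ["*.anosrep.org", "*.login.anosrep.org"],
    "wildcard + SANs": ["*.login.anosrep.org", "login.anosrep.org",
                        "apps.anosrep.org", "anosrep.org", "profile.anosrep.org"],
}


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name against one hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more or fewer labels
    if p[0] == "*":
        # Only a whole leftmost label may be a wildcard, so "*.*.anosrep.org"
        # is rejected, and at least two fixed labels must follow it.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h


def uncovered(names, hosts=REQUIRED):
    """Return the hosts that none of the certificate names match."""
    return [h for h in hosts if not any(name_matches(n, h) for n in names)]


if __name__ == "__main__":
    for label, names in PLANS.items():
        print(f"{label:16} missing: {uncovered(names) or 'nothing'}")
```

Running it shows that the bare apex name needs its own SAN entry under either wildcard plan, and that the SAN list from the last proposal leaves out `www.anosrep.org`.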