servo-buildbot.pub.build.mozilla.org uses an invalid certificate

RESOLVED INVALID

Status

Infrastructure & Operations
WebOps: Other
RESOLVED INVALID
4 years ago
3 years ago

People

(Reporter: Ms2ger, Unassigned)

Tracking

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/25] )

(Reporter)

Description

4 years ago
<https://servo-buildbot.pub.build.mozilla.org/> gives an untrusted connection error because its cert is issued for secure.pub.build.mozilla.org.
It's not available on https, and since we have so many vhosts and a finite number of IPs, we host several sites on the same IP.  So the cert served by :443 isn't for this particular vhost (it's probably for secure.pub.b.m.o).

httpseverywhere is pretty fundamentally broken, imho -- the assumption that it can just randomly change the protocol for a site and expect it to work is pretty bogus.  But it's what we've got.

Anyway, maybe WebOps has a way of dealing with this?
Assignee: relops → server-ops-webops
Component: RelOps → WebOps: Other
QA Contact: arich → nmaul
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/197]

Updated

3 years ago
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/197] → [kanban:https://webops.kanbanize.com/ctrl_board/2/25]
The current certificate for that VIP is:

        Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
        Subject: C=US, ST=CA, L=Mountain View, O=Mozilla Foundation, CN=secure.pub.build.mozilla.org

            X509v3 Subject Alternative Name: 
                DNS:secure.pub.build.mozilla.org

Is it worth reissuing the DigiCert certificate to include a new SAN for servo-buildbot?
Flags: needinfo?(dustin)
(Reporter)

Comment 3

3 years ago
I thought this bug had been closed; we no longer use this domain, so there probably isn't a need.
Thanks for the update!
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Flags: needinfo?(dustin)
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.