Closed Bug 1030731 Opened 11 years ago Closed 11 years ago

irc.allizom.org uses very bogus SSL certificate

Categories

(Infrastructure & Operations Graveyard :: Infrastructure: IRC, task)

x86
Linux
task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: gerv, Assigned: dparsons)

I've not seen so many errors in one cert for a while :-)

irc.allizom.org:6697 uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for irctest.allizom.org
The certificate expired on 12/06/14 00:13. The current time is 26/06/14 14:01.

Instantbird will not connect to the server for this reason, and I don't see override UI (which is maybe a good thing).

We need a proper cert chaining up to a publicly trusted root, for the correct domain name, and which is not expired. :-)

Gerv
Assignee: infra → dparsons
I can fix up most of this but definitely not getting a signed SSL cert for the testing phase. It's just not necessary.
Well, IB won't connect at all if it doesn't trust the cert. If it's self-signed, can you put it up for download somewhere with its fingerprint so people can add it to the IB (or other client) trust store?

Gerv
(In reply to Dan Parsons [:lerxst] from comment #1)
> I can fix up most of this but definitely not getting a signed SSL cert for
> the testing phase. It's just not necessary.

Would a Mozilla CA signed certificate be acceptable?

(In reply to Gervase Markham [:gerv] from comment #2)
> Well, IB won't connect at all if it doesn't trust the cert. If it's
> self-signed, can you put it up for download somewhere with its fingerprint
> so people can add it to the IB (or other client) trust store?

You can download it with:

echo -n | openssl s_client -connect HOST:PORT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > HOST:PORT.crt
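Added example, not part of the original bug or any commenter's text: a certificate pulled off the wire as in the comment above is only worth adding to a client trust store if its fingerprint matches one published out of band, as comment #2 asks. The sketch below extracts the PEM block the way the sed filter does, computes the SHA-256 fingerprint, and compares it with a published value. All function names and the sample data are assumptions made for illustration; the sample bytes are constructed placeholders, not a real certificate.

```python
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def leaf_pem(s_client_output):
    """First PEM block in `openssl s_client` output: the server's own cert."""
    m = PEM_RE.search(s_client_output)
    if m is None:
        raise ValueError("no certificate found in input")
    return m.group(0) + "\n"

def sha256_fingerprint(pem):
    """SHA-256 over the DER bytes, colon-separated as client dialogs show it."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches_published(pem, published):
    """True only if the cert hashes to the fingerprint obtained out of band."""
    def norm(s):
        # Accept upper/lower case and any separator (colons, spaces, none).
        return re.sub(r"[^0-9a-f]", "", s.lower())
    return norm(published) == norm(sha256_fingerprint(pem))

# Constructed sample data: placeholder bytes standing in for a DER
# certificate (not a real cert), wrapped the way s_client prints one.
SAMPLE_DER = bytes(range(256)) * 2
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_TAMPERED_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER[:-1] + b"\x00")
SAMPLE_OUTPUT = ("CONNECTED(00000003)\n---\nServer certificate\n"
                 + SAMPLE_PEM + "---\n")

if __name__ == "__main__":
    pem = leaf_pem(SAMPLE_OUTPUT)
    # Stands in for the value an admin would post alongside the cert.
    published = sha256_fingerprint(SAMPLE_PEM)
    print(published)
    print("fetched cert matches:", matches_published(pem, published))
    print("tampered cert matches:",
          matches_published(SAMPLE_TAMPERED_PEM, published))
```

The published fingerprint has to reach the user over a channel other than the connection being checked; a fingerprint computed from the same fetch proves nothing about who served it.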
Apparently we already have a cert for *.allizom.org. Getting my hands on it now and will have it configured into the irc servers soon.
OK, I've got the *.allizom.org cert in all 3 servers now. :gerv, can you test and see if your ssl problems are gone now?
Yes, this now works. Thank you :-)

Gerv
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Component: Infrastructure: Other → Infrastructure: IRC
QA Contact: jdow → dparsons
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard