ssl certificate for blog.seamonkey-project.org

RESOLVED FIXED

Status

Infrastructure & Operations
WebOps: SSL and Domain Names
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: cturra, Assigned: cturra)

Tracking

Details

(Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/751] )

(Assignee)

Description

4 years ago
we've added full multi-domain support to blog.mozilla.org and are moving forward with hosting the seamonkey blog on this platform. as a result, we need to add blog.seamonkey-project.org to the generic san certificate.

Updated

4 years ago
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/751]
(Assignee)

Comment 1

4 years ago
:Callek - i was just looking into adding ssl to the new seamonkey blog and realized mozilla doesn't own the seamonkey-project.org domain, so we cannot sign a certificate for it.

i see two options here:

1) we move forward without ssl support on blog.seamonkey-project.org
2) the domain owner purchases an ssl certificate and i can add that to our load balancer for ssl termination


please let me know which option you'd like to move forward with.
Flags: needinfo?(bugspam.Callek)
Per a brief chat with cturra on IRC

* Proceed with setup, without ssl termination.

We can add ssl later pretty easily.

To KaiRo,

* Mozilla can't purchase ssl because they don't own the seamonkey-project.org domain. So if you create/get one signed and hand over they can host it.

<cturra>	Callek: the other option i suppose is mozilla could take over ownership of that domain (KaiRo could still control DNS)
<Callek>	cturra: ok, I'll make a comment about that... frankly I think KaiRo has said before itd be just fine for mozilla to take ownership (and control) of the DNS... let me put this in bug, and n-i him

So if we want to explore the Mozilla takes ownership and/or control of SeaMonkey DNS, I say "lets do it" but would need a new bug likely.

If you're directly willing to take on a purchase of an ssl cert we can probably do that in this bug.
Flags: needinfo?(kairo)

Updated

4 years ago
Flags: needinfo?(bugspam.Callek)

Comment 3

4 years ago
FWIW, I would be happy to turn over seamonkey-project.org (and the two domains set up as aliases for it, seamonkeyproject.org and spreadseamonkey.com) to Mozilla, it would be one thing less for me to worry about.

Comment 4

4 years ago
Oh, I can also get a startssl cert for blog.sm-p.o if wanted, but we'd need to get into an exchange about renewing it every year, which is somewhat of a burden to all of us, I guess.
(Assignee)

Updated

4 years ago
Depends on: 1053945

Comment 5

4 years ago
OK, I'm clearing the needinfo here as seamonkey-project.org and seamonkeyproject.org have now been moved over to Mozilla according to what whois tells me. ;-)
Flags: needinfo?(kairo)
(Assignee)

Comment 6

4 years ago
i am going to mark this bug as r/wontfix since ssl isn't a requirement on this blog.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
(In reply to Chris Turra [:cturra] from comment #6)
> i am going to mark this bug as r/wontfix since ssl isn't a requirement on
> this blog.

Chris, the whole SSL thing was the driver for the domain transfers we just did. SSL is also seemingly required for the admin panel atm, despite everything. We'd also prefer SSL now that it seems technically possible.

Can we please still make this happen?
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
(Assignee)

Comment 8

4 years ago
fair points. i will get this done for you in the next day or two.
(Assignee)

Comment 9

4 years ago
ssl now in place for both blog.seamonkey-project.org and blog.seamonkeyproject.org \o/

$ curl -Iv https://blog.seamonkey-project.org
* Adding handle: conn: 0x7fe569804000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fe569804000) send_pipe: 1, recv_pipe: 0
* About to connect() to blog.seamonkey-project.org port 443 (#0)
*   Trying 63.245.217.86...
* Connected to blog.seamonkey-project.org (63.245.217.86) port 443 (#0)
* TLS 1.1 connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate: generic-san.mozilla.org
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> HEAD / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: blog.seamonkey-project.org
> Accept: */*
>
< HTTP/1.1 200 OK
...

$ curl -Iv https://blog.seamonkeyproject.org
* Adding handle: conn: 0x7f93ab804000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7f93ab804000) send_pipe: 1, recv_pipe: 0
* About to connect() to blog.seamonkeyproject.org port 443 (#0)
*   Trying 63.245.217.86...
* Connected to blog.seamonkeyproject.org (63.245.217.86) port 443 (#0)
* TLS 1.1 connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate: generic-san.mozilla.org
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> HEAD / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: blog.seamonkeyproject.org
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
...
Status: REOPENED → RESOLVED
Last Resolved: 4 years ago4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.