Closed Bug 1204330 Opened 6 years ago Closed 3 years ago

SSL/TLS cert of seamonkey-project.org broken and https page redirects directly to mozilla.org

Categories

(SeaMonkey :: Website, defect)

Production
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: adriank, Unassigned)

Details

This applies to https://seamonkey-project.org/ as well as https://www.seamonkey-project.org/:

The site's certificate is not intended for the domain ("ssl_error_bad_cert_domain") - the cert is only valid for "static-san.mozilla.org, addons.mozilla.com, autoconfig-live.mozillamessaging.com, autoconfig.thunderbird.net, broker-live.mozillamessaging.com, live.mozillamessaging.com, live.thunderbird.net, nightly.mozilla.org, getfirefox.com, www.getfirefox.com, opensearch-live.mozillamessaging.com, dnt.mozilla.org, support.live.mozillamessaging.com, firefox.com, www.firefox.com, gaming.mozillalabs.com, apps.mozillalabs.com, webmaker.mozillalabs.com, support.mozillamessaging.com, heatmap.mozillalabs.com, videos-cdn.mozilla.net, videos.mozilla.org, planet.mozilla.org, publicsuffix.org, www.publicsuffix.org, static.mozilla.com, mozilla.com, www.mozilla.com, activations.mozilla.com, activations.mozilla.org, firefoxflicks.com, www.firefoxflicks.com, aurora.mozilla.org, beta.mozilla.org, pontoon.mozillalabs.com, sso.mozilla.com, openstandard.tv, openstandard.org, openstandard.com, theopenstandard.org, theopenstandard.net, www.openstandard.tv, www.openstandard.org, www.openstandard.com, www.theopenstandard.org, www.theopenstandard.net, contribute.mozilla.org, gameon.mozilla.org, www.bugzilla.org, crash-stats.mozilla.org, shapeoftheweb.mozilla.org, shapeoftheweb.com, shapeoftheweb.org, bugzilla.org, firefoxflicks.org, www.firefoxflicks.org, friends.mozilla.org, firefoxosbrand.com, viewsourceconf.com, content.mozilla.org, tlscanary.mozilla.org, viewsourceconf.org, trackertest.org, itisatracker.org, itisatracker.com"


When accepting the certificate regardless of the warning, one gets redirected to https://www.mozilla.org/ !
I see this too.

The SeaMonkey site can still be accessed as http://www.seamonkey-project.org/, thus bypassing the certificate check. But of course the page is not encrypted then, and malignant third parties (if any) can see it.
P.S. https://blog.seamonkey-project.org/ does _not_ suffer from this bug.
Similarly, when clicking on "Download Now" from the home-page (using Firefox):

download.cdn.mozilla.net uses an invalid security certificate. The certificate is only valid for the following names: a248.e.akamai.net, *.akamaihd.net, *.akamaihd-staging.net, *.akamaized.net, *.akamaized-staging.net (Error code: ssl_error_bad_cert_domain)

Somewhat worrisome: with all the fuss about security, this is definitely keeping potential (lambda) users away from Mozilla products.
(In reply to Tony Mechelynck [:tonymec]. (NEEDINFO me if you want my attention) from comment #1)
> I see this too.
> 
> The SeaMonkey site can still be accessed as
> http://www.seamonkey-project.org/, thus bypassing the certificate check. But
> of course the page is not encrypted then, and malignant third parties (if any)
> can see it.

Get support and directly
Is this bug still relevant?  Going to https://www.seamonkey-project.org and https://seamonkey-project.org
both take me to https://www.seamonkey-project.org/.

Or did I misunderstand somewhere?
Product: Websites → SeaMonkey
As of a few days ago, I've been experiencing a similar problem with HTTPS requests to www.seamonkey-project.org (but not blog.seamonkey-project.org).  The error message I get is slightly different so I've opened it as a new issue: Bug 1492430.  If it really is a recurrence of this problem, though, feel free to close it as a duplicate.

(BTW, what is the proper product and component for SeaMonkey website bugs?  Is it Websites->SeaMonkey or SeaMonkey->Website?)
(In reply to Tristan Miller from comment #6)
> As of a few days ago, I've been experiencing a similar problem with HTTPS
> requests to www.seamonkey-project.org (but not blog.seamonkey-project.org). 
> The error message I get is slightly different so I've opened it as a new
> issue: Bug 1492430.  If it really is a recurrence of this problem, though,
> feel free to close it as a duplicate.

If you do encounter something, please do a screen cap and post it here.
(Make sure you desensitize anything you don't want to be viewed publicly).

> 
> (BTW, what is the proper product and component for SeaMonkey website bugs? 
> Is it Websites->SeaMonkey or SeaMonkey->Website?)

It'd be SeaMonkey->Website.   

Thanks
(In reply to Edmund Wong (:ewong) from comment #7)
> If you do encounter something, please do a screen cap and post it here.
> (Make sure you desensitize anything you don't want to be viewed publicly).

The exact error message (from wget) is already posted on the other bug report (which someone else has now confirmed).

> > (BTW, what is the proper product and component for SeaMonkey website bugs? 
> > Is it Websites->SeaMonkey or SeaMonkey->Website?)
> 
> It'd be SeaMonkey->Website.   

OK.  For future reference, what is the Websites->SeaMonkey component for, then?
(In reply to Tristan Miller from comment #8)
> (In reply to Edmund Wong (:ewong) from comment #7)
> > If you do encounter something, please do a screen cap and post it here.
> > (Make sure you desensitize anything you don't want to be viewed publicly).
> 
> The exact error message (from wget) is already posted on the other bug
> report (which someone else has now confirmed).

Thanks.  Will take a gander.

> 
> > > (BTW, what is the proper product and component for SeaMonkey website bugs? 
> > > Is it Websites->SeaMonkey or SeaMonkey->Website?)
> > 
> > It'd be SeaMonkey->Website.   
> 
> OK.  For future reference, what is the Websites->SeaMonkey component for,
> then?

It was for our website when it was hosted with Mozilla.  Now that we host it ourselves,
we've moved it to our own (for lack of a better phrase) product line.
Is this bug still relevant?
I can't reproduce it myself.
This has been solved with bug 1492430
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
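
The name check behind "ssl_error_bad_cert_domain", as an added example that is not part of the bug report or any Mozilla code: a simplified RFC 6125-style match of a hostname against a certificate's dNSName entries. The SAN lists are subsets of the names quoted in the description and in the download.cdn.mozilla.net comment; media.akamaihd.net is a constructed hostname used only to show a wildcard that does match.

```python
# Added example: simplified RFC 6125-style matching of a hostname against a
# certificate's dNSName entries. Not code from the bug report or from Mozilla.

# Subsets of the SAN lists quoted in the report (copied from the page).
MOZILLA_SAN_SUBSET = ["static-san.mozilla.org", "mozilla.com", "www.mozilla.com",
                      "bugzilla.org", "www.bugzilla.org", "planet.mozilla.org"]
AKAMAI_SAN = ["a248.e.akamai.net", "*.akamaihd.net", "*.akamaihd-staging.net",
              "*.akamaized.net", "*.akamaized-staging.net"]


def _labels(name):
    # DNS names compare case-insensitively; drop a single trailing root dot.
    name = name.lower()
    return (name[:-1] if name.endswith(".") else name).split(".")


def san_matches(hostname, pattern):
    """Return True if one dNSName pattern covers hostname."""
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if pat[0] == "*":
        # Accept a wildcard only as the whole left-most label, with at least
        # two literal labels after it (so "*.org" can never match).
        literal = pat[1:]
        return (len(literal) >= 2 and not any("*" in l for l in literal)
                and host[1:] == literal)
    # Partial wildcards such as "f*.example.com" are refused in this sketch.
    return "*" not in pattern and host == pat


def check_host(hostname, san_list):
    """Return (ok, error_code, matching_entries) for hostname."""
    hits = [p for p in san_list if san_matches(hostname, p)]
    if hits:
        return True, None, hits
    return False, "ssl_error_bad_cert_domain", []


if __name__ == "__main__":
    for host, sans in [("seamonkey-project.org", MOZILLA_SAN_SUBSET),
                       ("www.seamonkey-project.org", MOZILLA_SAN_SUBSET),
                       ("download.cdn.mozilla.net", AKAMAI_SAN),
                       ("media.akamaihd.net", AKAMAI_SAN)]:  # last host is constructed
        print(host, check_host(host, sans))
```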