Closed Bug 1206728 Opened 10 years ago Closed 10 years ago

https://symbols.mozilla.org/ serves an invalid TLS certificate

Categories

(Infrastructure & Operations :: SSL Certificates, task)

Product:
Infrastructure & Operations
Component:
SSL Certificates
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: ehsan.akhgari, Assigned: rwatson)

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/1816] )

The certificate seems to only be valid for *.herokuapp.com, and herokuapp.com.
Assignee: infra → server-ops-webops
Component: Infrastructure: Other → WebOps: SSL and Domain Names
QA Contact: jdow → smani
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/1816]
Assignee: server-ops-webops → rwatson
This is apparently a socorro service, in AWS. Haven't managed to get in touch with socorro folks to confirm yet. :lonnen, can you confirm/deny?
Flags: needinfo?(chris.lonnen)
Hello! This site was moved to Heroku as per bug: 1130023 According to the old info that still needs to be decom'd: (apache) domains/symbols.mozilla.org.conf" <VirtualHost *:80> ServerName symbols.mozilla.org I have also checked on the zlb itself and can see no SSL cert applied. That leads me to believe it was never listening on HTTPS. At this point it's not possible for us to redirect https > http as termination of the SSL is done on Heroku. The only way for us to fix this problem is: a) if heroku enable you to turn of SSL do that b) we can buy an SSL cert and apply it to your heroku instance (around $150) Needinfo'ing rhelmer as to how to proceed.
Flags: needinfo?(rhelmer)
(In reply to Ryan Watson [:w0ts0n] from comment #2) > Hello! > > This site was moved to Heroku as per bug: 1130023 > > According to the old info that still needs to be decom'd: > (apache) > domains/symbols.mozilla.org.conf" > <VirtualHost *:80> > ServerName symbols.mozilla.org > > I have also checked on the zlb itself and can see no SSL cert applied. That > leads me to believe it was never listening on HTTPS. > > At this point it's not possible for us to redirect https > http as > termination of the SSL is done on Heroku. The only way for us to fix this > problem is: > > a) if heroku enable you to turn of SSL do that > b) we can buy an SSL cert and apply it to your heroku instance (around $150) > > Needinfo'ing rhelmer as to how to proceed. Right, this service did not use SSL before, so we didn't have a cert to migrate. I don't think it's possible to disable SSL on Heroku from a quick look at the docs. Ted, do you think we should buy a cert for symbols.m.o?
Flags: needinfo?(rhelmer) → needinfo?(ted)
If the service isn't intended to be published as SSL, then I don't think we care if it advertises SSL. The site will offer a cert warning for users who browse with SSL Everywhere, and that's fine. I would eventually recommend using a Let's Encrypt DV cert, once they launch, but don't see any reason to add unnecessary costs for a Digicert here.
Flags: needinfo?(chris.lonnen)
We discussed this briefly on IRC. If we weren't historically serving this via SSL then I don't see any need to make that happen now.
Flags: needinfo?(ted)
Thanks for the updates, all. Closing this with no action to take.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.