Closed
Bug 1269905
Opened 8 years ago
Closed 8 years ago
Create certificate for signing Normandy actions with Autograph
Categories
(Shield :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mythmon, Assigned: jvehent)
Please create certificates for signing Normandy actions with Autograph. We'll probably want a certificate for both stage and prod. We also have a dev environment. Is it suitable to have a key there too? I think the name should be "normandy-actions-signer.mozilla.org".
Assignee
Comment 1 • 8 years ago
We are namespacing under content-signature.mozilla.org so it will be:
* prod: shield.content-signature.mozilla.org (using the AMO root)
* stage: shield.content-signature.allizom.org (using the dev AMO root)
* dev: identical to stage
Flags: needinfo?(jvehent)
Reporter
Comment 2 • 8 years ago
I'd prefer to use "normandy" instead of "shield". Normandy is the general name for the code, whereas SHIELD is a product name that doesn't cover everything Normandy does. Besides that, those names look fine.
Updated • 8 years ago
Component: SHIELD → General
Product: Websites → Normandy
Assignee
Comment 3 • 8 years ago
Stage configuration is in place. Once your service is deployed, we'll give you access. We don't have a setup in DEV, but you can use the default conf provided with the github repo (I can help you install it locally if needed). Make sure you hit the /sign/data endpoint with a request body similar to this one:

    [{"input": "...base64 raw input...", "template": "content-signature", "hashwith": "sha384", "keyid": "normandy_user"}]
Flags: needinfo?(jvehent)
Assignee
Comment 4 • 8 years ago
Prod and stage certificates have been generated. The prod chain is valid for 6 months and hosted at https://content-signature.cdn.mozilla.net/chains/normandy.content-signature.mozilla.org-20160610.prod.chain. The stage chain is valid for 5 years and hosted at https://content-signature.stage.mozaws.net/chains/normandy.content-signature.mozilla.org-20210531.stage.chain. Autograph has been configured in stage and prod with the proper signing keys.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED