Closed Bug 1277268 Opened 9 years ago Closed 9 years ago

Add Treeherder certs/keys to Heroku apps treeherder-{stage,prod}

Categories

(Infrastructure & Operations :: SSL Certificates, task)

Product:
Infrastructure & Operations
Component:
SSL Certificates
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: emorley, Assigned: rwatson)

References

Details

(Keywords: treeherder, Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/3033] )

In bug 1176484 we're soon moving the SCL3 based Treeherder to Heroku. To do this, we'll need the SSL certificate and key add to be added to the Heroku ssl endpoint addon, which we'd like to do in advance, so there is less to do on DNS switchover day. The steps for adding the cert/key are: 0) Ensure heroku CLI installed (http://toolbelt.heroku.com/), logged in (`heroku login`) and relevant Heroku permissions. 1) export HEROKU_APP=NAME_OF_APP 2) heroku certs:add server.crt server.key 3) Verify using steps at https://devcenter.heroku.com/articles/ssl-endpoint#endpoint-details Please add the cert/key for both stage: * https://treeherder.allizom.org (using `HEROKU_APP=treeherder-stage`) ...and prod: * https://treeherder.mozilla.org (using `HEROKU_APP=treeherder-prod`) I'll file another bug nearer the time, when we need the actual DNS changes. Many thanks!
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/3033]
Assignee: server-ops-webops → rwatson
heroku certs:add live/treeherder_mozilla_org.pem live/treeherder.mozilla.org.key --app treeherder-prodResolving trust chain... done Adding SSL Endpoint to treeherder-prod... done treeherder-prod now served by tokyo-43605.herokussl.com Certificate details: Common Name(s): treeherder.mozilla.org Expires At: 2017-06-01 12:00 UTC Issuer: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA Starts At: 2014-05-28 00:00 UTC Subject: /C=US/ST=CA/L=Mountain View/O=Mozilla Corporation/CN=treeherder.mozilla.org SSL certificate is verified by a root authority. heroku certs:add allizom/star_allizom_org.pem allizom/wildcard.allizom.org.key --app treeherder-stage Resolving trust chain... done Adding SSL Endpoint to treeherder-stage... done treeherder-stage now served by mie-37426.herokussl.com Certificate details: Common Name(s): *.allizom.org allizom.org Expires At: 2016-12-06 12:00 UTC Issuer: /C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA Starts At: 2013-12-02 00:00 UTC Subject: /C=US/ST=CA/L=Mountain View/O=Mozilla Corporation/CN=*.allizom.org SSL certificate is verified by a root authority.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Many thanks! :-)
Blocks: 1277304
You need to log in before you can comment on or make changes to this bug.