Closed
Bug 1304801
Opened 8 years ago
Closed 8 years ago
Migrate phonebook dev/stage/prod to a single SAN cert to permit HPKP testing
Categories
(Infrastructure & Operations :: SSL Certificates, task)
Infrastructure & Operations
SSL Certificates
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: Atoll, Assigned: Atoll)
References
Details
(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/3454])
As part of enabling HPKP for Phonebook, let's migrate it away from the allizom/generic SAN certs to a single Phonebook SAN that covers dev, stage, and prod. This way we can test the *exact* HPKP header we would use in production on our dev/stage instances, on the principle of least-surprise during our eventual deploy to production. No HPKP is in place currently, so the live certs can be switched over without complications.
dev/stage have been switched over to a phonebook SAN cert. prod has not.
See Also: → 1304806
HPKP pin for the intermediate used by Digicert for our certificates: DigiCert SHA2 Secure Server CA: pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="
CHG0010828, applied to prod.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•