Closed Bug 26306 Opened 25 years ago Closed 21 years ago

https://despot.mozilla.org/ has a cert problem (despot not in cn, cert expired)

Categories

(mozilla.org Graveyard :: Server Operations, task, P3)

Product:
mozilla.org Graveyard
Component:
Server Operations
Platform:
x86
Linux
Type:
task

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: dmosedale, Assigned: mitchell)

References

(
URL
)

Details

http://despot.mozilla.org does work, and links to the https version, which
doesn't.
Haven't had time to this yet, sorry.
Status: NEW → ASSIGNED
Mind if i try and get https://despot.mozilla.org working?
Fine with me... haven't had time for this (like many other issues) because of 
firefight mode lately, sorry.
On https://csisnet5.uvsc.edu/ I get an Alert, saying "https is not a registered
protocol." The server is set up properly, though.

Pete, your problem doesn't have anything to do with this problem. You need SSL 
enabled build (like one from M14) + PSM plugin. Client issue.
Fixed. Please verify.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
There are still two problems:

* a cert warning is generated, because "despot.mozilla.org" or a matching
wildcard is not in the server cert.

* the index should be a redirect to webtools/despot/despot.cgi (which is also
incorrect - but in a different way - on the http server instance).

Andwer to first problem is easy: the certificate doesn't have that. The current 
cert expires in May so we need to put all these possible names there 
(cvs-mirror|webtools|bonsai|bugzilla).mozilla.org there. 

For second, I need to take a look at that. Weird thing here is that I don't 
think anything changed in the enterprise server...
Status: REOPENED → ASSIGNED
Index is now redirecting properly. I won't do anything about cert warning yet. 
We need to address it in few months when the cert will be renewed.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → FIXED
The cert-warning part of this bug isn't yet fixed, and therefore should not yet
be marked as resolved, since it isn't.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Summary: https://despot.mozilla.org/ doesn't work → https://despot.mozilla.org/ has a cert problem
Severity: normal → minor
Current cert (for name cvs-mirror.mozilla.org) expires 5/3/00. So I'll (or 
someone) should get back at this in end of April.
FYI, new CERT requested... should be ready in few days. The combination of names 
is below.

---

Dear Enterprise Security Officer

A new SSL server, IPSEC server, or Developer certificate
request has been submitted to Thawte for your enterprise.
Please log in and review it.

The request code is USNETS361. The certificate should appear
at the following URL (make sure you are administering
the AOL account if you are an ESO for multiple E-PKI
accounts):

https://www.thawte.com/cgi/enterprise/lra/ssl/contents.exe

The domain name (hostname) given for the certificate is
(webtools|despot|bugzilla|tinderbox|bonsai).mozilla.org.

Regards,


The SWAT Team
Thawte Consulting
Status: REOPENED → ASSIGNED
CERT came back quickly and is now installed on https instance on lounge. It's 
valid until 5/8/2001.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → FIXED
[despot] Certificate Is Expired - The certificate expires on Tue May 08, 2001.

Certificate Is Expired


despot.mozilla.org is a site that uses encryption to protect transmitted
information. However the digital Certificate that identifies this site has 
expired.
This may be because the certificate has actually expired, or because the date
on your computer is wrong.

The certificate expires on Tue May 08, 2001.

Your computer's date is set to Fri May 11, 2001. If this date is incorrect, 
then
you should reset the date on your computer.

You may continue or cancel this connection.

REOPEN :!
URL: https://despot.mozilla.org
Severity: minor → critical
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
It most probably is really expired.

Steve, Could you renew it?
Assignee: rko → scbrown
Status: REOPENED → NEW
Bounced server on Friday to enable new certificate.  Looks okay now.
Status: NEW → RESOLVED
Closed: 24 years ago23 years ago
Resolution: --- → FIXED
This Certificate is valid from Mon Apr 30, 2001 to Tue Apr 30, 2002

The current date is: Mon 05/06/2002
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Dawn, please open a helpdesk ticket.
Assignee: scbrown → endico
Status: REOPENED → NEW
Depends on: 164146
As of today the certificate has been expired for a full year.
I'm told there is some private discussion about this problem.
Assignee: endico → mitchell
https://despot.mozilla.org is now running a self-signed certificate.

I don't know whether a CA-signed one will be requested or not, but that's
probably sufficient for what we use it for.
Mark this as fixed?
Yeah, this'll do for now.  Eventually we should get a CA-signed one that lets us
use SSL on all the webtools domains, but that'll probably have to wait for
Mozilla Foundation's tax status stuff to clear, and that can certainly be a new
bug as part of the infrastructure plans once we get to that point.
Status: NEW → RESOLVED
Closed: 23 years ago21 years ago
Resolution: --- → FIXED
vrfy fixed
note that https://mecha.mozilla.org gives the traditional mismatched cert
warning if you ignore the untrusted path warning.
Status: RESOLVED → VERIFIED
Summary: https://despot.mozilla.org/ has a cert problem → https://despot.mozilla.org/ has a cert problem (despot not in cn, cert expired)
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.