If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

https://despot.mozilla.org/ has a cert problem (despot not in cn, cert expired)

VERIFIED FIXED

Status

mozilla.org Graveyard
Server Operations
P3
critical
VERIFIED FIXED
18 years ago
3 years ago

People

(Reporter: dmose, Assigned: Mitchell Baker)

Tracking

Details

(URL)

(Reporter)

Description

18 years ago
http://despot.mozilla.org does work, and links to the https version, which
doesn't.

Comment 1

18 years ago
Haven't had time to this yet, sorry.
Status: NEW → ASSIGNED

Comment 2

18 years ago
Mind if i try and get https://despot.mozilla.org working?

Comment 3

18 years ago
Fine with me... haven't had time for this (like many other issues) because of 
firefight mode lately, sorry.

Comment 4

18 years ago
On https://csisnet5.uvsc.edu/ I get an Alert, saying "https is not a registered
protocol." The server is set up properly, though.

Comment 5

18 years ago
Pete, your problem doesn't have anything to do with this problem. You need SSL 
enabled build (like one from M14) + PSM plugin. Client issue.

Comment 6

18 years ago
Fixed. Please verify.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED
(Reporter)

Updated

18 years ago
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Reporter)

Comment 7

18 years ago
There are still two problems:

* a cert warning is generated, because "despot.mozilla.org" or a matching
wildcard is not in the server cert.

* the index should be a redirect to webtools/despot/despot.cgi (which is also
incorrect - but in a different way - on the http server instance).

Comment 8

18 years ago
Andwer to first problem is easy: the certificate doesn't have that. The current 
cert expires in May so we need to put all these possible names there 
(cvs-mirror|webtools|bonsai|bugzilla).mozilla.org there. 

For second, I need to take a look at that. Weird thing here is that I don't 
think anything changed in the enterprise server...
Status: REOPENED → ASSIGNED

Comment 9

18 years ago
Index is now redirecting properly. I won't do anything about cert warning yet. 
We need to address it in few months when the cert will be renewed.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago18 years ago
Resolution: --- → FIXED
(Reporter)

Comment 10

18 years ago
The cert-warning part of this bug isn't yet fixed, and therefore should not yet
be marked as resolved, since it isn't.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Summary: https://despot.mozilla.org/ doesn't work → https://despot.mozilla.org/ has a cert problem

Updated

18 years ago
Severity: normal → minor

Comment 11

18 years ago
Current cert (for name cvs-mirror.mozilla.org) expires 5/3/00. So I'll (or 
someone) should get back at this in end of April.

Comment 12

18 years ago
FYI, new CERT requested... should be ready in few days. The combination of names 
is below.

---

Dear Enterprise Security Officer

A new SSL server, IPSEC server, or Developer certificate
request has been submitted to Thawte for your enterprise.
Please log in and review it.

The request code is USNETS361. The certificate should appear
at the following URL (make sure you are administering
the AOL account if you are an ESO for multiple E-PKI
accounts):

https://www.thawte.com/cgi/enterprise/lra/ssl/contents.exe

The domain name (hostname) given for the certificate is
(webtools|despot|bugzilla|tinderbox|bonsai).mozilla.org.

Regards,


The SWAT Team
Thawte Consulting

Status: REOPENED → ASSIGNED

Comment 13

18 years ago
CERT came back quickly and is now installed on https instance on lounge. It's 
valid until 5/8/2001.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago18 years ago
Resolution: --- → FIXED

Comment 14

17 years ago
[despot] Certificate Is Expired - The certificate expires on Tue May 08, 2001.

Certificate Is Expired


despot.mozilla.org is a site that uses encryption to protect transmitted
information. However the digital Certificate that identifies this site has 
expired.
This may be because the certificate has actually expired, or because the date
on your computer is wrong.

The certificate expires on Tue May 08, 2001.

Your computer's date is set to Fri May 11, 2001. If this date is incorrect, 
then
you should reset the date on your computer.

You may continue or cancel this connection.

REOPEN :!
Severity: minor → critical
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Comment 15

17 years ago
It most probably is really expired.

Steve, Could you renew it?
Assignee: rko → scbrown
Status: REOPENED → NEW

Comment 16

17 years ago
Bounced server on Friday to enable new certificate.  Looks okay now.
Status: NEW → RESOLVED
Last Resolved: 18 years ago17 years ago
Resolution: --- → FIXED

Comment 17

16 years ago
This Certificate is valid from Mon Apr 30, 2001 to Tue Apr 30, 2002

The current date is: Mon 05/06/2002
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Comment 18

16 years ago
Dawn, please open a helpdesk ticket.
Assignee: scbrown → endico
Status: REOPENED → NEW

Updated

15 years ago
Depends on: 164146

Comment 19

15 years ago
As of today the certificate has been expired for a full year.
I'm told there is some private discussion about this problem.
Assignee: endico → mitchell
https://despot.mozilla.org is now running a self-signed certificate.

I don't know whether a CA-signed one will be requested or not, but that's
probably sufficient for what we use it for.

Comment 21

14 years ago
Mark this as fixed?
Yeah, this'll do for now.  Eventually we should get a CA-signed one that lets us
use SSL on all the webtools domains, but that'll probably have to wait for
Mozilla Foundation's tax status stuff to clear, and that can certainly be a new
bug as part of the infrastructure plans once we get to that point.
Status: NEW → RESOLVED
Last Resolved: 17 years ago14 years ago
Resolution: --- → FIXED

Comment 23

14 years ago
vrfy fixed
note that https://mecha.mozilla.org gives the traditional mismatched cert
warning if you ignore the untrusted path warning.
Status: RESOLVED → VERIFIED
Summary: https://despot.mozilla.org/ has a cert problem → https://despot.mozilla.org/ has a cert problem (despot not in cn, cert expired)
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.