Closed Bug 409431 Opened 17 years ago Closed 17 years ago

SSL Certificate on chat-support.mozilla.com:9091 causes untrusted warnings

Categories

(mozilla.org Graveyard :: Server Operations, task)

task
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: wolf, Assigned: aravind)

References

()

Details

When testing the live chat on support-stage (http://support-stage.mozilla.org/kb/Live+Chat) the foxkeh image loading causes a certificate accept prompt, which if refused, causes the image to not properly appear. Which is normal. The prompt is for an "Untrusted Certificate". I figured the self-signed Mozilla CA was being used, but looking closer, it appears to be the *.mozilla.com certificate signed by XRamp in use. (same as apache uses on the same server.) So it should just work (TM). This happens on Firefox 2.0.0.11 and in IE7, in Minefield it just automatically ignores it.
Summary: SSL Certificate on chat-support.mozilla.com:9091 caused untrusted warnings. → SSL Certificate on chat-support.mozilla.com:9091 causes untrusted warnings
That's true - we're waiting on a production certificate for chat-support.mozilla.com. I think the problem was getting the XRamp cert chain installed correctly. I'm passing to oremj though who was working on this more closely than I was.
Assignee: server-ops → oremj
btw, on my OSX Minefield, it loads the image just fine.
It worked fine on minefield for mconnor and polvi as well. I'm guessing mozillians have the certificate accepted somewhere already in a different way? I had to set up an exception myself (minefield as well).
Oh, that could be - take a look at http://wiki.mozilla.org/MozillaRootCertificate and grab the root certificate. Should get you working in the short-term.
Aravind installed the certs and probably knows more about what is going on than me. I'll reassign to him, but the easiest solution might be to just generate a CSR within the app and buy it. Java isn't very compatible with certs generated with openSSL apparently.
Assignee: oremj → aravind
(In reply to comment #4) > Oh, that could be - take a look at > http://wiki.mozilla.org/MozillaRootCertificate and grab the root certificate. > Should get you working in the short-term. > Thanks, that seriously simplifies my workaround!
There are still issues, IE7 won't use the go to x page to accept cert workaround either, they'd have to install the root cert. Clean profile on Trunk I have to go to https://chat-support.mozilla.com:9091 to get prompted for the cert.
just visiting https://sitedata.xramp.com/ will, at least on trunk, give you the "XRamp Security Services GS CA" you need.
Fixed.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Verified. Thanks Aravind.
Status: RESOLVED → VERIFIED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.