Closed
Bug 409431
Opened 17 years ago
Closed 17 years ago
SSL Certificate on chat-support.mozilla.com:9091 causes untrusted warnings
Categories
(mozilla.org Graveyard :: Server Operations, task)
mozilla.org Graveyard
Server Operations
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: wolf, Assigned: aravind)
References
()
Details
When testing the live chat on support-stage (http://support-stage.mozilla.org/kb/Live+Chat) the foxkeh image loading causes a certificate accept prompt, which if refused, causes the image to not properly appear. Which is normal. The prompt is for an "Untrusted Certificate". I figured the self-signed Mozilla CA was being used, but looking closer, it appears to be the *.mozilla.com certificate signed by XRamp in use. (same as apache uses on the same server.) So it should just work (TM).
This happens on Firefox 2.0.0.11 and in IE7, in Minefield it just automatically ignores it.
Reporter | ||
Updated•17 years ago
|
Summary: SSL Certificate on chat-support.mozilla.com:9091 caused untrusted warnings. → SSL Certificate on chat-support.mozilla.com:9091 causes untrusted warnings
Comment 1•17 years ago
|
||
That's true - we're waiting on a production certificate for chat-support.mozilla.com. I think the problem was getting the XRamp cert chain installed correctly.
I'm passing to oremj though who was working on this more closely than I was.
Assignee: server-ops → oremj
Comment 2•17 years ago
|
||
btw, on my OSX Minefield, it loads the image just fine.
Comment 3•17 years ago
|
||
It worked fine on minefield for mconnor and polvi as well. I'm guessing mozillians have the certificate accepted somewhere already in a different way? I had to set up an exception myself (minefield as well).
Comment 4•17 years ago
|
||
Oh, that could be - take a look at http://wiki.mozilla.org/MozillaRootCertificate and grab the root certificate. Should get you working in the short-term.
Comment 5•17 years ago
|
||
Aravind installed the certs and probably knows more about what is going on than me. I'll reassign to him, but the easiest solution might be to just generate a CSR within the app and buy it. Java isn't very compatible with certs generated with openSSL apparently.
Assignee: oremj → aravind
Comment 6•17 years ago
|
||
(In reply to comment #4)
> Oh, that could be - take a look at
> http://wiki.mozilla.org/MozillaRootCertificate and grab the root certificate.
> Should get you working in the short-term.
>
Thanks, that seriously simplifies my workaround!
Comment 7•17 years ago
|
||
There are still issues, IE7 won't use the go to x page to accept cert workaround either, they'd have to install the root cert.
Clean profile on Trunk I have to go to https://chat-support.mozilla.com:9091 to get prompted for the cert.
Comment 8•17 years ago
|
||
just visiting https://sitedata.xramp.com/ will, at least on trunk, give you the "XRamp Security Services GS CA" you need.
Assignee | ||
Comment 9•17 years ago
|
||
Fixed.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Updated•10 years ago
|
Product: mozilla.org → mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•