Closed Bug 449398 Opened 16 years ago Closed 16 years ago

move www.mozilla.org behind Akamai

Categories

(mozilla.org Graveyard :: Server Operations: Projects, task)

All
Other
task
Not set
minor

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: mrz, Assigned: oremj)

Blocks: 449397
Assignee: server-ops → oremj
Flags: needs-downtime+
Will this impact updating www.mozilla.org?
No.
If so, then how?

Does CDNetworks support .htaccess files? SSIs?
For those wishing to verify, you can test against:

67.199.128.41 www.mozilla.org

(In reply to comment #3)
> If so, then how?
> 
> Does CDNetworks support .htaccess files? SSIs?
> 

They aren't hosting the files. CDNetworks is only a reverse proxy cache like Akamai.
No longer blocks: 449397
Whiteboard: Waiting for CDNetworks to set up SSL.
Talked to CDNetworks - they can either provision SSL or we can provide them with a key & crt. Otherwise they are already set up.

Should generate a non-wildcard CSR for www.mozilla.org/mozilla.org.
(In reply to comment #6)
> Should generate a non-wildcard CSR for www.mozilla.org/mozilla.org.

Let me know if you need help generating a CSR that handles both www.mozilla.org and mozilla.org.
This will be a "True BusinessID® Multi-Domain" SSL certificate (http://www.geotrust.com/products/ssl_certificates/true_businessid_mdm.asp).
CSR and private key generated:
mradm01:/root/root-ca/www.mozilla.org.{csr|key}
Can't use the certificate that was generated for www.mozilla.org, as it's a DV cert instead of an OV cert. Also, it doesn't contain the SAN info for mozilla.org that I had in the CSR.

New certificate:
        Subject: C=US, O=www.mozilla.org, OU=GT59433432, OU=See www.geotrust.com/resources/cps (c)08, OU=Domain Control Validated - QuickSSL Premium(R), CN=www.mozilla.org

For comparison, here's the current wildcard certificate:
        Subject: C=US, ST=California, L=Mountain View, O=Mozilla Corporation, OU=Secure Web Server, CN=*.mozilla.org

Obvious differences. :(
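
A pre-deployment check for the two problems described in the comment above, as an added example that is not part of the original bug thread or Mozilla's tooling: it parses the two Subject lines quoted there for DV markers and reports which required host names a certificate's name list fails to cover. The function names and the name lists passed to `uncovered` are assumptions made for illustration.

```python
import re

# Subject lines copied from the thread (openssl text output format).
NEW_SUBJECT = ("C=US, O=www.mozilla.org, OU=GT59433432, "
               "OU=See www.geotrust.com/resources/cps (c)08, "
               "OU=Domain Control Validated - QuickSSL Premium(R), CN=www.mozilla.org")
WILDCARD_SUBJECT = ("C=US, ST=California, L=Mountain View, O=Mozilla Corporation, "
                    "OU=Secure Web Server, CN=*.mozilla.org")

def parse_subject(subject):
    """Split a one-line Subject into {attribute: [values]}; OU may repeat."""
    attrs = {}
    # Split only at a comma that is followed by an attribute name and "=".
    for part in re.split(r",\s*(?=[A-Za-z]+=)", subject.strip()):
        key, _, value = part.partition("=")
        attrs.setdefault(key.strip(), []).append(value.strip())
    return attrs

def validation_findings(subject):
    """Heuristic: reasons the subject looks domain-validated ([] means OV-like)."""
    a = parse_subject(subject)
    findings = []
    if any("domain control validated" in ou.lower() for ou in a.get("OU", [])):
        findings.append("OU states Domain Control Validated")
    if a.get("O") and a.get("O") == a.get("CN"):
        findings.append("O repeats the host name instead of a legal entity")
    for field in ("ST", "L"):
        if field not in a:
            findings.append("missing " + field)
    return findings

def uncovered(required_hosts, cert_names):
    """Hosts matched by no certificate name; '*' stands for one left-most label."""
    def matches(host, name):
        h, n = host.lower().split("."), name.lower().split(".")
        if len(h) != len(n):
            return False
        return h[1:] == n[1:] and n[0] in ("*", h[0])
    return [h for h in required_hosts if not any(matches(h, n) for n in cert_names)]

if __name__ == "__main__":
    required = ["www.mozilla.org", "mozilla.org"]
    print(validation_findings(NEW_SUBJECT))
    # Constructed name list: the thread says the issued cert lacks the mozilla.org SAN.
    print(uncovered(required, ["www.mozilla.org"]))
```

The same `uncovered` call with `["*.mozilla.org"]` also reports `mozilla.org`, since a wildcard stands for exactly one label and does not match the bare domain.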
Justin, I don't have any support method with GeoTrust on this - can you help follow up?
I don't want to block on doing the CDNetworks trial on this - we're already 1.5 weeks into the trial and paying (and not using).  

Let's plan on doing the switch Thursday night as planned and in the background work with GeoTrust on the certificate issue.  

I know GeoTrust validated Mozilla as a valid organization and from previous discussions (and stats on the Netscaler), https://www.mozilla.org/ usage is so incredibly low that very few people will really be impacted (and I bet those grabbing the css or images won't even know).
I agree. For testing purposes this is better than nothing (and it is a valid cert, just not one we're proud of using), but we should get it replaced ASAP when we have the new cert ready.  BTW, how are you delivering the key to CDN?  people account over https behind http auth? or pgp-encrypted in transit if via email I hope?
I rsynced the key and cert to them over ssh.
Site up @ 67.199.128.58 .  I think this looks okay to do a re-try tonight.  Anyone disagree?
Site is now behind CDNetworks.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Re-opening since this bug has lots of state and stakeholders. Summary changed to reflect the CDN provider.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Summary: move www.mozilla.org behind CDNetworks → move www.mozilla.org behind Akamai
Whiteboard: Waiting for CDNetworks to set up SSL.
Blocks: 452100
Component: Server Operations → Server Operations: Projects
Closing these until there is something to do.
Status: REOPENED → RESOLVED
Closed: 16 years ago
Resolution: --- → INCOMPLETE
Product: mozilla.org → mozilla.org Graveyard