irc.mozilla.org SSL certificate expired

RESOLVED FIXED

Status

--
major
RESOLVED FIXED
10 years ago
4 years ago

People

(Reporter: mrz, Assigned: justdave)

Tracking

other
All
Other
Bug Flags:
needs-downtime +

Details

(Whiteboard: 8/11 8pm PDT / 03:00 UTC)

(Reporter)

Description

10 years ago
Need CSR.
(Reporter)

Updated

10 years ago
Assignee: server-ops → justdave
-----BEGIN CERTIFICATE REQUEST-----
MIIBwzCCASwCAQAwgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRswGQYDVQQKExJNb3ppbGxhIEZvdW5k
YXRpb24xETAPBgNVBAsTCFNlY3VyaXR5MRYwFAYDVQQDFA0qLm1vemlsbGEub3Jn
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrSgZiTAbrQfF90na84Tq76dQt
R38jgAsxZ9gsMHh3KJB2c9UqRersH286JbOjHVMelB/8EZJBB3OcXURjDmNGppZ+
uQrWoDGU0F6kb7gsTMVQtbbJACUGpSe3lXx7/Ab2+/BzJkHHPS5kTI5s9vHxxGKN
UVZ8KiRf3rFVKTQMOwIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEASgazTY+A8MHI
+BBhsmVy9zE8nNtza4LRSJIuwF8ky9sJQI+Umy6CydTyRnqHeEarzuSnSSaSvL+9
+gUN8D0/xYw2xncbgFtURrdhZzcr9vwgh9HP7Y8MDbNf96OasiZjap7lkCTXnxsk
rkm9LZ3fh+aBRl2Vko5JYeXRxOOeBT8=
-----END CERTIFICATE REQUEST-----
Raising importance to major. it is impossible to connect to the server via SSL using chatzilla under xulrunner.
Severity: minor → major
xchat-gnome also fails to connect (but it's overrideable via a checkbox)
---
 Looking up irc.mozilla.org..
 Connecting to irc.mozilla.org (63.245.208.159) port 6697..
 * Certification info:
   Subject:
     O=Mozilla Foundation
     L=Mountain View
     ST=California
     C=US
     CN=irc.mozilla.org
     OU=Security
     emailAddress=ircadmins@mozilla.org
   Issuer:
     C=US
     ST=Texas
     L=San Antonio
     OU=GS CA
     O=XRamp Security Services Inc
     CN=XRamp Security Services GS CA
   Public key algorithm: rsaEncryption (1024 bits)
   Sign algorithm sha1WithRSAEncryption
   Valid since Aug  9 22:38:22 2006 GMT to Aug 10 22:48:24 2009 GMT
 * Cipher info:
   Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits)
 Connection failed. Error: certificate has expired.? (10)
Assignee: justdave → mrz
(Reporter)

Comment 4

10 years ago
CSR is for *.mozilla.org:

Subject: C=US, ST=California, L=Mountain View, O=Mozilla Foundation, OU=Security, CN=*.mozilla.org
oops, must have been for the previous cert. :(

Try this one:

-----BEGIN CERTIFICATE REQUEST-----
MIIB6zCCAVQCAQAwgaoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRswGQYDVQQKExJNb3ppbGxhIEZvdW5k
YXRpb24xETAPBgNVBAsTCElSQyBDaGF0MRgwFgYDVQQDEw9pcmMubW96aWxsYS5v
cmcxJDAiBgkqhkiG9w0BCQEWFWlyY2FkbWluc0Btb3ppbGxhLm9yZzCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAqod0tZnGBwn3O+lP6OO6UsTTIt5neAO82Y/7
fa2AvqJxQKQsGZpxf5luDJOh5LXQMD8e4RKCQPMR7sMH8qrF8E7PbmHeYL8Xwa0q
9rjsSGbbBIPr4Jqo5cKcXakwZfKIRoB56wY4zZYfbq/Ccyi394N/pUar2MxAtFzf
5GND8qUCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAHu482X+o85kWsRmE62JgE7v
Yc4GtHAOtal99TqJa+qpbnP9nWtC1/yTpBicTUSzv0uATav4Xrf5mCRSehAc/Dkv
FvtP/2cXT84LlmzCQM5ABa0FHwuH/pZvUcNqD0ZLKsexmwPtL3193rUFHu6StAOC
3p3eDcwV4gDNDfeyYzsd
-----END CERTIFICATE REQUEST-----
Note to anyone following along... the IRC server will need to be restarted in order to pick up the new certificate (in otherwords, everyone that's on already is going to get dumped off).
(Reporter)

Comment 7

10 years ago
Order Id: 6094240

Thank you for purchasing an Enterprise SSL Premium certificate.  We are pleased to inform you that your enrollment is complete.  Your certificate is attached below and the dynamic seal for "irc.mozilla.org" has been activated and is ready to be added to your home page.

Your Web Server Certificate for irc.mozilla.org

-----BEGIN CERTIFICATE-----
MIIC+zCCAmSgAwIBAgIDDFukMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDkwODEwMTIzNDM2WhcNMTEwODEyMTA1MTQx
WjCBhTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
DU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xETAP
BgNVBAsTCElSQyBDaGF0MRgwFgYDVQQDEw9pcmMubW96aWxsYS5vcmcwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAKqHdLWZxgcJ9zvpT+jjulLE0yLeZ3gDvNmP
+32tgL6icUCkLBmacX+ZbgyToeS10DA/HuESgkDzEe7DB/KqxfBOz25h3mC/F8Gt
Kva47Ehm2wSD6+CaqOXCnF2pMGXyiEaAeesGOM2WH26vwnMot/eDf6VGq9jMQLRc
3+RjQ/KlAgMBAAGjga4wgaswDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBRmz3Fi
UNgemSulL4hX8WfKPZjeiDA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdl
b3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAfBgNVHSMEGDAWgBRI5mj5K9Ky
lddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJ
KoZIhvcNAQEFBQADgYEAJ6tJoLVDphRy3CT1sgKCWbORvOUIZbm+37kAXyGkfahz
Zshtg+XWs8j44T/zyuWipo0G8obmzIcjddDSnhBhFWOZCkdq4uh8jpolwYOKt/zI
/GLaF+bKjrdO3h2naMDdMM8MOXaYsBj/kAhn6eVC9062CzN06CVqsOQfsywi8uA=
-----END CERTIFICATE-----
Assignee: mrz → justdave
certificate installed.  Shall I go ahead and kick them tonight or wait until tomorrow's maintenance window?
We had 23 users on gravel compared to 1046 on sand, because DNS has already been pointed at sand...  I just rebooted gravel, and then switched DNS to point only at it.  We'll kick sand tomorrow night during the maint window.
Flags: needs-downtime+
Whiteboard: 8/11 8pm PDT / 03:00 UTC
(In reply to comment #6)
> the IRC server will need to be restarted in order to pick up the new
> certificate

Turns out that's actually not true.  Unreal added a /rehash -ssl command a couple versions back that lets you reload the cert without restarting.  Sand is now running the new cert.

I'm still going to reboot it during tonight's window, it needs a kernel upgrade anyway.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.