Closed
Bug 509601
Opened 16 years ago
Closed 16 years ago
irc.mozilla.org SSL certificate expired
Categories
(mozilla.org Graveyard :: Server Operations, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mrz, Assigned: justdave)
Details
(Whiteboard: 8/11 8pm PDT / 03:00 UTC)
Need CSR.
|
Reporter | |
Updated•16 years ago
|
Assignee: server-ops → justdave
|
Assignee | |
Comment 1•16 years ago
|
||
-----BEGIN CERTIFICATE REQUEST-----
MIIBwzCCASwCAQAwgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRswGQYDVQQKExJNb3ppbGxhIEZvdW5k
YXRpb24xETAPBgNVBAsTCFNlY3VyaXR5MRYwFAYDVQQDFA0qLm1vemlsbGEub3Jn
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrSgZiTAbrQfF90na84Tq76dQt
R38jgAsxZ9gsMHh3KJB2c9UqRersH286JbOjHVMelB/8EZJBB3OcXURjDmNGppZ+
uQrWoDGU0F6kb7gsTMVQtbbJACUGpSe3lXx7/Ab2+/BzJkHHPS5kTI5s9vHxxGKN
UVZ8KiRf3rFVKTQMOwIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEASgazTY+A8MHI
+BBhsmVy9zE8nNtza4LRSJIuwF8ky9sJQI+Umy6CydTyRnqHeEarzuSnSSaSvL+9
+gUN8D0/xYw2xncbgFtURrdhZzcr9vwgh9HP7Y8MDbNf96OasiZjap7lkCTXnxsk
rkm9LZ3fh+aBRl2Vko5JYeXRxOOeBT8=
-----END CERTIFICATE REQUEST-----
|
||
Comment 2•16 years ago
|
||
Raising importance to major. it is impossible to connect to the server via SSL using chatzilla under xulrunner.
Severity: minor → major
|
||
Comment 3•16 years ago
|
||
xchat-gnome also fails to connect (but it's overrideable via a checkbox)
---
Looking up irc.mozilla.org..
Connecting to irc.mozilla.org (63.245.208.159) port 6697..
* Certification info:
Subject:
O=Mozilla Foundation
L=Mountain View
ST=California
C=US
CN=irc.mozilla.org
OU=Security
emailAddress=ircadmins@mozilla.org
Issuer:
C=US
ST=Texas
L=San Antonio
OU=GS CA
O=XRamp Security Services Inc
CN=XRamp Security Services GS CA
Public key algorithm: rsaEncryption (1024 bits)
Sign algorithm sha1WithRSAEncryption
Valid since Aug 9 22:38:22 2006 GMT to Aug 10 22:48:24 2009 GMT
* Cipher info:
Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits)
Connection failed. Error: certificate has expired.? (10)
|
|
Assignee | |
Updated•16 years ago
|
Assignee: justdave → mrz
|
|
Reporter | |
Comment 4•16 years ago
|
||
CSR is for *.mozilla.org:
Subject: C=US, ST=California, L=Mountain View, O=Mozilla Foundation, OU=Security, CN=*.mozilla.org
|
|
Assignee | |
Comment 5•16 years ago
|
||
oops, must have been for the previous cert. :(
Try this one:
-----BEGIN CERTIFICATE REQUEST-----
MIIB6zCCAVQCAQAwgaoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRswGQYDVQQKExJNb3ppbGxhIEZvdW5k
YXRpb24xETAPBgNVBAsTCElSQyBDaGF0MRgwFgYDVQQDEw9pcmMubW96aWxsYS5v
cmcxJDAiBgkqhkiG9w0BCQEWFWlyY2FkbWluc0Btb3ppbGxhLm9yZzCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAqod0tZnGBwn3O+lP6OO6UsTTIt5neAO82Y/7
fa2AvqJxQKQsGZpxf5luDJOh5LXQMD8e4RKCQPMR7sMH8qrF8E7PbmHeYL8Xwa0q
9rjsSGbbBIPr4Jqo5cKcXakwZfKIRoB56wY4zZYfbq/Ccyi394N/pUar2MxAtFzf
5GND8qUCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAHu482X+o85kWsRmE62JgE7v
Yc4GtHAOtal99TqJa+qpbnP9nWtC1/yTpBicTUSzv0uATav4Xrf5mCRSehAc/Dkv
FvtP/2cXT84LlmzCQM5ABa0FHwuH/pZvUcNqD0ZLKsexmwPtL3193rUFHu6StAOC
3p3eDcwV4gDNDfeyYzsd
-----END CERTIFICATE REQUEST-----
|
|
Assignee | |
Comment 6•16 years ago
|
||
Note to anyone following along... the IRC server will need to be restarted in order to pick up the new certificate (in otherwords, everyone that's on already is going to get dumped off).
|
|
Reporter | |
Comment 7•16 years ago
|
||
Order Id: 6094240
Thank you for purchasing an Enterprise SSL Premium certificate. We are pleased to inform you that your enrollment is complete. Your certificate is attached below and the dynamic seal for "irc.mozilla.org" has been activated and is ready to be added to your home page.
Your Web Server Certificate for irc.mozilla.org
-----BEGIN CERTIFICATE-----
MIIC+zCCAmSgAwIBAgIDDFukMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDkwODEwMTIzNDM2WhcNMTEwODEyMTA1MTQx
WjCBhTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
DU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xETAP
BgNVBAsTCElSQyBDaGF0MRgwFgYDVQQDEw9pcmMubW96aWxsYS5vcmcwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAKqHdLWZxgcJ9zvpT+jjulLE0yLeZ3gDvNmP
+32tgL6icUCkLBmacX+ZbgyToeS10DA/HuESgkDzEe7DB/KqxfBOz25h3mC/F8Gt
Kva47Ehm2wSD6+CaqOXCnF2pMGXyiEaAeesGOM2WH26vwnMot/eDf6VGq9jMQLRc
3+RjQ/KlAgMBAAGjga4wgaswDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBRmz3Fi
UNgemSulL4hX8WfKPZjeiDA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdl
b3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAfBgNVHSMEGDAWgBRI5mj5K9Ky
lddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJ
KoZIhvcNAQEFBQADgYEAJ6tJoLVDphRy3CT1sgKCWbORvOUIZbm+37kAXyGkfahz
Zshtg+XWs8j44T/zyuWipo0G8obmzIcjddDSnhBhFWOZCkdq4uh8jpolwYOKt/zI
/GLaF+bKjrdO3h2naMDdMM8MOXaYsBj/kAhn6eVC9062CzN06CVqsOQfsywi8uA=
-----END CERTIFICATE-----
Assignee: mrz → justdave
|
|
Assignee | |
Comment 8•16 years ago
|
||
certificate installed. Shall I go ahead and kick them tonight or wait until tomorrow's maintenance window?
|
|
Assignee | |
Comment 9•16 years ago
|
||
We had 23 users on gravel compared to 1046 on sand, because DNS has already been pointed at sand... I just rebooted gravel, and then switched DNS to point only at it. We'll kick sand tomorrow night during the maint window.
Flags: needs-downtime+
Whiteboard: 8/11 8pm PDT / 03:00 UTC
|
|
Assignee | |
Comment 10•16 years ago
|
||
(In reply to comment #6)
> the IRC server will need to be restarted in order to pick up the new
> certificate
Turns out that's actually not true. Unreal added a /rehash -ssl command a couple versions back that lets you reload the cert without restarting. Sand is now running the new cert.
I'm still going to reboot it during tonight's window, it needs a kernel upgrade anyway.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
||
Updated•10 years ago
|
Product: mozilla.org → mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•