Right now, all https://*.momo.com goes thru the same SSL backend, which has client certs authentication enabled, but optionnal. That needs to be split up in 2 separate backends, so it's not optionnal, but required where it's needed. Possibly, split them in 3, anon/optionnal/required, but don't keep them the same. This bit me once I installed my client cert in thunderbird, and all of a sudden, AUS pings prompted me for my client cert.
DNS finally propagated all over, done. # Never ask for client certs $> host aus.mozillamessaging.com aus.mozillamessaging.com is an alias for production.mozillamessaging.com. # Accept client certs optionally $> host build.mozillamessaging.com build.mozillamessaging.com is an alias for ssl-opt-production.mozillamessaging.com. # Require client certs $> host buildbot-admin.mozillamessaging.com buildbot-admin.mozillamessaging.com is an alias for ssl-cert-production.mozillamessaging.com.
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.