www-trunk.stage.mozilla.com should use *.stage.mozilla.com wildcard SSL certificate

RESOLVED FIXED

Status

mozilla.org Graveyard
Server Operations
RESOLVED FIXED
8 years ago
3 years ago

People

(Reporter: Nico R., Assigned: fox2mike)

Tracking

Details

(URL)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3) Gecko/20090913 Gentoo Firefox/3.5.3
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3) Gecko/20090913 Gentoo Firefox/3.5.3

When I use Firefox to open <URL:https://www-trunk.stage.mozilla.com/>, I get a security warning saying that the certificate is only valid for *.mozilla.com. This means, either the certificate should also allow *.*.mozilla.com, or this is a bug in the host name matching code (and it should match www-trunk.stage.mozilla.com for *.mozilla.com). I suppose the former is true.

Reproducible: Always

Steps to Reproduce:
1. Open https://www-trunk.stage.mozilla.com/ in Firefox.
Actual Results:  
Security warning appears.

Expected Results:  
I can surf the website via HTTPS, but without a security warning.
Assignee: nobody → server-ops
Status: UNCONFIRMED → NEW
Component: Other → Server Operations
Ever confirmed: true
Product: Websites → mozilla.org
QA Contact: other → mrz
Summary: Security warning when using www-trunk.stage.mozilla.com via HTTPS → www-trunk.stage.mozilla.com should use *.stage.mozilla.com wildcard SSL certificate
Version: unspecified → other
(Assignee)

Comment 1

8 years ago
Err, it's a stage site. It's not production, it's not something that is usually given out for public consumption.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WONTFIX
There's a *.stage.mozilla.com wildcard SSL certificate signed by the MoCo CA root that should be used. It's on mradm01 with the other certs.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---

Updated

8 years ago
Assignee: server-ops → shyam
(Assignee)

Comment 3

8 years ago
(In reply to comment #2)
> There's a *.stage.mozilla.com wildcard SSL certificate signed by the MoCo CA
> root that should be used. It's on mradm01 with the other certs.

Done, Reed :) Just for you :p
Status: REOPENED → RESOLVED
Last Resolved: 8 years ago8 years ago
Resolution: --- → FIXED

Comment 4

8 years ago
I still see an untrusted warning due to "The certificate is not trusted because no issuer chain was provided." using Minefield/Mac OS X at https://www-trunk.stage.mozilla.com/

We are getting reamed at http://talkback.zdnet.com/5206-12691-0.html?forumID=1&threadID=70187&tag=col1;tbTools for having an untrusted connection.
(In reply to comment #4)
> I still see an untrusted warning due to "The certificate is not trusted because
> no issuer chain was provided." using Minefield/Mac OS X at
> https://www-trunk.stage.mozilla.com/

Do you have the MoCo CA root installed?

https://wiki.mozilla.org/MozillaRootCertificate

This is a staging site. Once this is production, it'll all be over SSL with valid CA-signed certificates.

Comment 6

8 years ago
(In reply to comment #5)

> Do you have the MoCo CA root installed?

No. I didn't. Works fine with the cert installed. Thanks. Any reason we don't ship it?
(In reply to comment #6)
> (In reply to comment #5)
> 
> > Do you have the MoCo CA root installed?
> 
> No. I didn't. Works fine with the cert installed. Thanks. Any reason we don't
> ship it?

Because it's just for testing/staging purposes.
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.