Closed Bug 583011 Opened 14 years ago Closed 14 years ago

Set up an SSL certificate for m.input.mozilla.com

Categories

(mozilla.org Graveyard :: Server Operations, task)

Product:
mozilla.org Graveyard
Component:
Server Operations
Platform:
All
Other
Type:
task
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: wenzel, Assigned: fox2mike)

References

Details

The Input mobile site will need SSL to work without a warning when Fennec Beta ships. That's supposed still a while until then, but when it does, it'll send beta users to an https URL to leave feedback.

The current error is:

"m.input.mozilla.com uses an invalid security certificate.

The certificate is only valid for the following names:
  *.mozilla.com , mozilla.com  

(Error code: ssl_error_bad_cert_domain)"

The second dot does not match the wildcard, it seems.
Depends on: 582232
Before we go and buy certs, cause pain for everyone (need a new VIP for m.input, changes on the ACE and the Zeus...etc), why can't we use input.mozilla.com/m or m-input.mozilla.com? These quad dotted domain names are generally a$$. On today's phones, it shouldn't be too hard to type something like input.m.c/m (vs m.input).

Thoughts? Opinions?
Assignee: server-ops → shyam
i.m.o/m/... is possible but requires nontrivial code changes. I'd rather avoid it and keep serving the mobile site on a different domain.

Other possibility is deliberately NOT using HTTPS for the feedback pages. They are not, and should not be, MITM-relevant (i.e., no logins or anything). Would need to check with Security though.

Finally, m-input.m.com works for me. Not less crappy than a dot, but works.
(In reply to comment #2)
 
> Finally, m-input.m.com works for me. Not less crappy than a dot, but works.

It's *way* less crappy than dot for SSL issues.
We can remove the SSL stuff from the submission pages if this is going to require anything more than trivial work for anyone. In fact, let's go with that.
Aakash, just need to make sure the Mobile extension doesn't point to https then.

WONTFIXing this per comment 4.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WONTFIX
Right, we shouldn't remove https stuff until I've given word to the Test Pilot team to change it.
And what's the final mobile URL? m-input? (so I can fix up DNS and Apache configs accordingly on stage and prod)
The final mobile URL is m.input.mozilla.com
Ah, and we're not doing SSL. Awesome. 

Thanks guys!
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.