Status

Infrastructure & Operations
NetOps
RESOLVED FIXED
8 years ago
5 years ago

People

(Reporter: clouserw, Assigned: oremj)

Tracking

Details

(Reporter)

Description

8 years ago
As noted in comment 0 of bug 587065 one of the benefits of using a CDN is less cookie traffic.  Since we moved to domain cookies, we're sending even more to StAMO now, so we should move the domain to static.addons.mozilla.net.

This is a vhost change in apache as well as adjusting the variable in settings_local on SAMO.  Thanks.
(Assignee)

Comment 1

8 years ago
We need to buy a cert for this.

Updated

8 years ago
Assignee: server-ops → jeremy.orem+bugs
(Reporter)

Comment 2

8 years ago
We're considering using this domain to fix bug 619403.  What's the ETA on the cert+domain?
(Assignee)

Comment 3

8 years ago
Not sure how long it takes to buy the cert.  Mrz?

-----BEGIN CERTIFICATE REQUEST-----
MIIC6TCCAdECAQAwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRwwGgYDVQQKExNNb3ppbGxhIENvcnBv
cmF0aW9uMSIwIAYDVQQDExlzdGF0aWMuYWRkb25zLm1vemlsbGEubmV0MSUwIwYJ
KoZIhvcNAQkBFhZob3N0bWFzdGVyQG1vemlsbGEuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAyrWDi0VVBTtNr47XX6OdrlztMkDiFIZyXsjyFr9B
LkUxSFVufwGAzTKG5/AhpJH1eGRu2tCgGqJ3HBM3GnnqWtjDcf5KVMGwof/YIKQ2
tm9KzDVxYtp3JEqmyvSUX+cIS6M+ZWHS+m6OltTTemZcJ9pjC82JdE7w0jdaQR9h
TaFOYO5upg4SnlMCwGTHxDEkr6w2dJYS6IeehV1NYqQZEvldhTR/nMmhYY1QxZjD
NJeDJGlNC8QJM9vzkAz7Hj1o4bexDTp6PV5MnSYk0R+y/7WpFJM8PHuhmDlEfGAY
/QKk7490FHyp8etzk54cBMvZRMEIIfYHOKY3i8zt/FWy8QIDAQABoAAwDQYJKoZI
hvcNAQEFBQADggEBABr8dEFvVE2dNage+M1Umb2vLyOM7Dm8OJ4d4t/CMDTF9gyH
KFg6wzVrccsxe2pkiLS13u7q8K5IDnyjRwV0TKmE4R61Dq30f570RvGLhNn/cPDJ
BoHB8/bb2EWU3I7HWw/8XxM6imQg/kTRKByrJJRygQM1jTd4dZ5rGRPYfGiCBoV7
xkOf91gGDZX4S6gjkX3g0NtlwNECwVLhn5Jeb+j5MCAj7x9vSToqFNmSsbr7XeYi
7kjPcwigKCkxfz6oZi1lFoAtgGRJCja4TZdE0nbcbbpPWfYi9/8X8WfBIxMqhFFh
14wi/rIL7KuAsrQRlV+1w47BXkWMw5IVxaIvbGA=
-----END CERTIFICATE REQUEST-----
Assignee: jeremy.orem+bugs → mrz

Updated

8 years ago
Blocks: 619403

Comment 4

8 years ago
Have asked geotrust to add mozilla.net - will update when done.

Comment 5

8 years ago
Dear Matthew Zeier,

Congratulations! GeoTrust has approved your request for a Enterprise SSL certificate. Your certificate is included at the end of this email.

INSTALLATION INSTRUCTIONS

1. INSTALL CERTIFICATE:
Install the X.509 version of your certificate included at the end of this e-mail.
For installation instructions for your SSL Certificate, go to:
http://www.geotrust.com/support/installation-instructions/index.html

2. INTERMEDIATE CERTIFICATE ADVISORY:
You MUST install the GeoTrust intermediate Certificate included at end of this e-mail on your server together with your Certificate or it may not operate correctly

You can also get your GeoTrust intermediate Certificates at:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&actp=CROSSLINK&id=AR1423

3. CHECK INSTALLATION:
Ensure you have installed your certificate correctly at:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO9557&actp=LIST

4. INSTALL THE GEOTRUST TRUE SITE SEAL:
Additionally, as part of your SSL Certificate Service, you are entitled to display the GeoTrust True Site Seal - recognized across the Internet and around the world as a symbol of authenticity, security, and trust - to build consumer confidence in your Web site.

Installation instructions for the GeoTrust True Site Seal can be found on the following link:
https://www.geotrust.com/support/true-businessid/true-site-seal/

Visit the GeoTrust Support Web site, where you will find a range of support tools to help you:
http://www.geotrust.com/support

Best regards,

GeoTrust Customer Support
http://www.geotrust.com/support
Hours of Operation: Mon - Fri 05:00 - 17:00 (PST)
Email:     esslorders@geotrust.com
Web:       http://www.geotrust.com
Phone:     1-866-436-8787 or 1-678-366-8399
Live Chat: http://www.geotrust.com/support


** MICROSOFT IIS and TOMCAT USERS
Microsoft and Tomcat users are advised to download a PKCS #7 formatted certificate from the GeoTrust User Portal:
https://products.geotrust.com/orders/orderinformation/authentication.do. PKCS #7 is the default format used by these vendors during installation and includes the intermediate CA certificate, you may also install the below web server certificate and intermediate CA certificate individually.

Web Server CERTIFICATE
-----------------

-----BEGIN CERTIFICATE-----
MIIEkTCCA3mgAwIBAgICS6YwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
FzAVBgNVBAoTDkdlb1RydXN0LCBJbmMuMRgwFgYDVQQDEw9HZW9UcnVzdCBTU0wg
Q0EwHhcNMTAxMjE2MDEyNTIxWhcNMTIxMjE4MTQwMjMxWjCBpzEpMCcGA1UEBRMg
TGl0MzZOYllKQUhmUmgyYnNOc3BMeDU4NGxybTNmYUIxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRwwGgYD
VQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMSIwIAYDVQQDExlzdGF0aWMuYWRkb25z
Lm1vemlsbGEubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrWD
i0VVBTtNr47XX6OdrlztMkDiFIZyXsjyFr9BLkUxSFVufwGAzTKG5/AhpJH1eGRu
2tCgGqJ3HBM3GnnqWtjDcf5KVMGwof/YIKQ2tm9KzDVxYtp3JEqmyvSUX+cIS6M+
ZWHS+m6OltTTemZcJ9pjC82JdE7w0jdaQR9hTaFOYO5upg4SnlMCwGTHxDEkr6w2
dJYS6IeehV1NYqQZEvldhTR/nMmhYY1QxZjDNJeDJGlNC8QJM9vzkAz7Hj1o4bex
DTp6PV5MnSYk0R+y/7WpFJM8PHuhmDlEfGAY/QKk7490FHyp8etzk54cBMvZRMEI
IfYHOKY3i8zt/FWy8QIDAQABo4IBKzCCAScwHwYDVR0jBBgwFoAUQnlUG2HNVSs+
Y9U8SFf1n/tFzkowDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
BggrBgEFBQcDAjAkBgNVHREEHTAbghlzdGF0aWMuYWRkb25zLm1vemlsbGEubmV0
MD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9ndHNzbC1jcmwuZ2VvdHJ1c3QuY29t
L2NybHMvZ3Rzc2wuY3JsMB0GA1UdDgQWBBTcD5N3PD9+7ibl1ikIi5xX9sugYTAM
BgNVHRMBAf8EAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYnaHR0cDov
L2d0c3NsLWFpYS5nZW90cnVzdC5jb20vZ3Rzc2wuY3J0MA0GCSqGSIb3DQEBBQUA
A4IBAQBTleNQYhSomARrDLuNSSQy0LKzUoL5g0LyLPesB8paX0B9kyB0gs/ewUVK
kB90WKwlUD1JAbpWv79wCjeEgpVFk19hRUjFvKImVHz7ct7nCsuRyrbaWNRsp3c7
zmPz+gTXrZnZNcx6HDeW1TJVkrtr7MH2POeKo+qbcEBK6N1aEbhUICD273mryuhA
0xQ2RSzPwDiKtrtUxBSgP5Um3eKOp47D8h7xtmdDGeVqguzBPlszABLfT/diB2gI
TRd+fLzsCy3jiWOhbqOEH9gElKResPm7rcFRVzvXs391hlU2UqQw9S3Xx+Ve955b
n4/swP/Or8aU+U5jdKvL1z/yY/Lg
-----END CERTIFICATE-----


INTERMEDIATE CA:
---------------------------------------

-----BEGIN CERTIFICATE-----
MIID2TCCAsGgAwIBAgIDAjbQMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTAwMjE5MjIzOTI2WhcNMjAwMjE4MjIzOTI2WjBAMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xGDAWBgNVBAMTD0dlb1RydXN0
IFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJCzgMHk5Uat
cGA9uuUU3Z6KXot1WubKbUGlI+g5hSZ6p1V3mkihkn46HhrxJ6ujTDnMyz1Hr4Gu
FmpcN+9FQf37mpc8oEOdxt8XIdGKolbCA0mEEoE+yQpUYGa5jFTk+eb5lPHgX3UR
8im55IaisYmtph6DKWOy8FQchQt65+EuDa+kvc3nsVrXjAVaDktzKIt1XTTYdwvh
dGLicTBi2LyKBeUxY0pUiWozeKdOVSQdl+8a5BLGDzAYtDRN4dgjOyFbLTAZJQ50
96QhS6CkIMlszZhWwPKoXz4mdaAN+DaIiixafWcwqQ/RmXAueOFRJq9VeiS+jDkN
d53eAsMMvR8CAwEAAaOB2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFEJ5
VBthzVUrPmPVPEhX9Z/7Rc5KMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4
ysxOMBIGA1UdEwEB/wQIMAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDov
L2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZI
hvcNAQEFBQADggEBANTvU4ToGr2hiwTAqfVfoRB4RV2yV2pOJMtlTjGXkZrUJPji
J2ZwMZzBYlQG55cdOprApClICq8kx6jEmlTBfEx4TCtoLF0XplR4TEbigMMfOHES
0tdT41SFULgCy+5jOvhWiU1Vuy7AyBh3hjELC3DwfjWDpCoTZFZnNF0WX3OsewYk
2k9QbSqr0E1TQcKOu3EDSSmGGM8hQkx0YlEVxW+o78Qn5Rsz3VqI138S0adhJR/V
4NwdzxoQ2KDLX4z6DOW/cf/lXUQdpj6HR/oaToODEj+IZpWYeZqF6wJHzSXj8gYE
TpnKXKBuervdo5AaRTPvvz7SBMS24CqFZUE+ENQ=
-----END CERTIFICATE-----
Assignee: mrz → jeremy.orem+bugs
(Reporter)

Comment 6

8 years ago
How's this going?
(Assignee)

Comment 7

8 years ago
Looks like Matthew got the cert on Friday, so we can probably do this during the next push.
(Reporter)

Comment 8

8 years ago
It's a new site so we can bring it up any time and on our next push we'll just have to flip the setting in the config
(Assignee)

Comment 9

8 years ago
Need a multi hosted IP for this.

External IP: 63.245.209.158
Multicast: 239.44.0.4
Multicast MAC: 01:00:5E:2C:00:04
Zeus Cluster: pm-zlb-amo*


Does NetOps need more/less information?
Assignee: jeremy.orem+bugs → network-operations
Component: Server Operations: Web Content Push → Server Operations: Netops
(Assignee)

Comment 10

8 years ago
Please reassign to me after comment 9 is done.

Updated

8 years ago
Assignee: network-operations → dmoore
Static arp mappings added, as required.
Assignee: dmoore → jeremy.orem+bugs
(Reporter)

Comment 12

8 years ago
Is there an ETA for this?  It's blocking that security bug.
(Assignee)

Comment 13

8 years ago
This is all ready to go.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.