Closed Bug 639936 Opened 14 years ago Closed 13 years ago

Get Organization Validation SSL certificate (OV Cert) for *.mozqa.com

Categories

(Mozilla QA Graveyard :: Mozmill Automation, defect)

Product:
Mozilla QA Graveyard
Component:
Mozmill Automation
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: abillings, Assigned: mrz)

References

Details

Attachments

(2 files, 1 obsolete file)

Updated csr for *.mozqa.com
1.03 KB, text/plain
Details
godaddy DV cert + chain
4.07 KB, application/zip
Details
QA is creating an apache instance for testing against. It will hold existing litmus content from HG. As part of having the apache server, we will now be able to do SSL testing. To facilitate this, we need a Organization Validation SSL certificate (OV Cert) for *.mozqa.com. See glossary at https://wiki.mozilla.org/CA:Glossary for definitions.
I'm assigning this to you, mrz, but I'm sure there is someone better to assign this to. Since this is a Mozilla cert, I'm assuming that I have to go through IT. This is needed for manual and automated testing of SSL by QA. Currently, we rely on third party sites to do SSL testing (or mozilla.com and mozilla.org) and would like to be able to do it on the mozqa.com box.
Assignee: abillings → mrz
Can you generate and attach a CSR?
Attached file CSR as requested for *.mozqa.com (obsolete) —
Organization Name: Mozilla Corporation Department: Quality Assurance Let me know if this should be different.
Whiteboard: [pending geotrust]
Whiteboard: [pending geotrust] → [pending domain transfer]
Is this still blocked by domain transfer for mozqa.com?
Yes. I can't generate certificates with geotrust for domains that don't show as owned by Mozilla.
I wasn't sure if the domain transfer had completed or not at this point.
What is the current status on this?
Still waiting on the domain to transfer.
Blocks: 661121
Two weeks later, any update? :-)
Waiting on geotrust to add this domain.
Whiteboard: [pending domain transfer] → [pending geotrust]
* Country code is not valid. Can you regenerate the CSR with the correct country code? Should be "US".
Whiteboard: [pending geotrust]
Let me know if there are any issues with this one.
Attachment #528378 - Attachment is obsolete: true
Dear Matthew Zeier, Congratulations! GeoTrust has approved your request for a Enterprise SSL Wildcard certificate. Your certificate is included at the end of this email. INSTALLATION INSTRUCTIONS 1. INSTALL CERTIFICATE: Install the X.509 version of your certificate included at the end of this e-mail. For installation instructions for your SSL Certificate, go to: http://www.geotrust.com/support/installation-instructions/index.html 2. INTERMEDIATE CERTIFICATE ADVISORY: You MUST install the GeoTrust intermediate Certificate included at end of this e-mail on your server together with your Certificate or it may not operate correctly You can also get your GeoTrust intermediate Certificates at: https://knowledge.geotrust.com/support/knowledge-base/index?page=content&actp=CROSSLINK&id=AR1423 3. CHECK INSTALLATION: Ensure you have installed your certificate correctly at: https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO9557&actp=LIST 4. INSTALL THE GEOTRUST TRUE SITE SEAL: Additionally, as part of your SSL Certificate Service, you are entitled to display the GeoTrust True Site Seal - recognized across the Internet and around the world as a symbol of authenticity, security, and trust - to build consumer confidence in your Web site. Installation instructions for the GeoTrust True Site Seal can be found on the following link: https://www.geotrust.com/support/true-businessid/true-site-seal/ Visit the GeoTrust Support Web site, where you will find a range of support tools to help you: http://www.geotrust.com/support Best regards, GeoTrust Customer Support http://www.geotrust.com/support Hours of Operation: Mon - Fri 05:00 - 17:00 (PST) Email: esslorders@geotrust.com Web: http://www.geotrust.com Phone: 1-866-436-8787 or 1-678-366-8399 Live Chat: http://www.geotrust.com/support ** MICROSOFT IIS and TOMCAT USERS Microsoft and Tomcat users are advised to download a PKCS #7 formatted certificate from the GeoTrust User Portal: https://products.geotrust.com/orders/orderinformation/authentication.do. PKCS #7 is the default format used by these vendors during installation and includes the intermediate CA certificate, you may also install the below web server certificate and intermediate CA certificate individually. Web Server CERTIFICATE ----------------- -----BEGIN CERTIFICATE----- MIIEnTCCA4WgAwIBAgIDALDJMA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEYMBYGA1UEAxMPR2VvVHJ1c3QgU1NM IENBMB4XDTExMDYyMzEwMDAzNVoXDTEyMDYyNDIxMjg0MFowgbUxKTAnBgNVBAUT IDgyVzc3bkdjbzZqUTBtSzdoem84S3dWN0hZTk8zenBaMQswCQYDVQQGEwJVUzET MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEcMBoG A1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEaMBgGA1UECxMRUXVhbGl0eSBBc3N1 cmFuY2UxFDASBgNVBAMMCyoubW96cWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAypIYZQq5hJQ7MU7UehmrCGoqEULJgUHkn1yZJtppyDEX7n5w FJBkDF/tTo7gHXtJ/3cUGfnMuqcOchoZyMn2hJ1mnGbnsAF3rcjEpYDLL98QJ3rB AQcf0xs3+b2ALKWJzNAhj0U2AOnCaLKIZ4IbY20JTL4iYJv2UNR3ZtvnK5GeL9c9 5Cwz8QAwanTJb562t6YS6LwroQyhCg1eOg4nHAVoH3wLPTaSi6CaDb8xCUdavZEE 87z6+QR9SGOSifsD4fZ3gqJEPezmXJZ9F8UBk4P4gkBtblCEdDZ3veoPHXSqc7aW F5435x+/TpjLiX/4hlUgahJd3cH5V5d9H65jzwIDAQABo4IBKDCCASQwHwYDVR0j BBgwFoAUQnlUG2HNVSs+Y9U8SFf1n/tFzkowDgYDVR0PAQH/BAQDAgWgMB0GA1Ud JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAhBgNVHREEGjAYggsqLm1venFhLmNv bYIJbW96cWEuY29tMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9ndHNzbC1jcmwu Z2VvdHJ1c3QuY29tL2NybHMvZ3Rzc2wuY3JsMB0GA1UdDgQWBBS158GGg0Xj/i/J 53bdITlTiibgyDAMBgNVHRMBAf8EAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEF BQcwAoYnaHR0cDovL2d0c3NsLWFpYS5nZW90cnVzdC5jb20vZ3Rzc2wuY3J0MA0G CSqGSIb3DQEBBQUAA4IBAQA6VKCKMm5At5uqxmt0DbMpyCFnhLMaE3O6p7boXEoC PidPKPV+N/LRrvx84/tInnosCQpBlljHMqY3mycWQx15hfc+3284QESJ4OwC3OQ0 ktjgj05BSWjEJGGCPyMX5tZZsJxekdNr8ACZCkrzel3X4f7rtvVmpuJyBASQE/1b vfoVUheZ9hg4fMm6mnQBkfbqeuwDfXL3JpbPw3qAJGqbIR+DdSU1OswLJoiiiF5a usEAOotQXlzwgWTUQLlgGNVOoJXZ6znLh/1Ouvq8q9z/+vgNQdgyU5x0Xi6oCJIs HALQ298WTv9KT/ijtTuxRD6ibxdW9+JR7Eoy4njsO5TJ -----END CERTIFICATE----- INTERMEDIATE CA: --------------------------------------- -----BEGIN CERTIFICATE----- MIID2TCCAsGgAwIBAgIDAjbQMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i YWwgQ0EwHhcNMTAwMjE5MjIzOTI2WhcNMjAwMjE4MjIzOTI2WjBAMQswCQYDVQQG EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xGDAWBgNVBAMTD0dlb1RydXN0 IFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJCzgMHk5Uat cGA9uuUU3Z6KXot1WubKbUGlI+g5hSZ6p1V3mkihkn46HhrxJ6ujTDnMyz1Hr4Gu FmpcN+9FQf37mpc8oEOdxt8XIdGKolbCA0mEEoE+yQpUYGa5jFTk+eb5lPHgX3UR 8im55IaisYmtph6DKWOy8FQchQt65+EuDa+kvc3nsVrXjAVaDktzKIt1XTTYdwvh dGLicTBi2LyKBeUxY0pUiWozeKdOVSQdl+8a5BLGDzAYtDRN4dgjOyFbLTAZJQ50 96QhS6CkIMlszZhWwPKoXz4mdaAN+DaIiixafWcwqQ/RmXAueOFRJq9VeiS+jDkN d53eAsMMvR8CAwEAAaOB2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFEJ5 VBthzVUrPmPVPEhX9Z/7Rc5KMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4 ysxOMBIGA1UdEwEB/wQIMAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDov L2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZI hvcNAQEFBQADggEBANTvU4ToGr2hiwTAqfVfoRB4RV2yV2pOJMtlTjGXkZrUJPji J2ZwMZzBYlQG55cdOprApClICq8kx6jEmlTBfEx4TCtoLF0XplR4TEbigMMfOHES 0tdT41SFULgCy+5jOvhWiU1Vuy7AyBh3hjELC3DwfjWDpCoTZFZnNF0WX3OsewYk 2k9QbSqr0E1TQcKOu3EDSSmGGM8hQkx0YlEVxW+o78Qn5Rsz3VqI138S0adhJR/V 4NwdzxoQ2KDLX4z6DOW/cf/lXUQdpj6HR/oaToODEj+IZpWYeZqF6wJHzSXj8gYE TpnKXKBuervdo5AaRTPvvz7SBMS24CqFZUE+ENQ= -----END CERTIFICATE-----
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Are you sure that this is a wild card cert for *.mozqa.com? I'm having problems getting the intermediate chain cert working but I note that if I install the new cert on www.mozqa.com and try that and mozqa.com, along with the self-signed warning (because of the lack of the intermediate cert somehow), www.mozqa.com warns me, "The certificate is only valid for mozqa.com", and mozqa.com does *not* give this warning. This indicates that it may not be a wildcard cert.
Yes, certain. I can't generate a cert with a different CN that the CSR has.
Ah, good point. All right, I'm going to blame my inability to get the intermediate.crt chain working right now. I'm baffled by this though.
All figured out. The Rackspace VPS is going to need more ip addresses. I'll log another bug. Apparently, you can use virtual hosts to serve multiple SSL certificates on one IP address.
You can but you will need the SNI extension for Apache. We should figure out if it is desired by IT or not. http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
I don't have an opinion here - Al has admin on that server and it's up to him on what or how he wants to test. In production, we offload SSL to the load balancers so Apache SNI has less relevance for us.
Sorry, took awhile to find someone who would do DV. I got this from godaddy.
Ugh. Wrong bug.
Product: Mozilla QA → Mozilla QA Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: