SSL cert needed for browserid.org

RESOLVED FIXED

Status

Infrastructure & Operations Graveyard
WebOps: Labs
RESOLVED FIXED
7 years ago
2 years ago

People

(Reporter: Lloyd Trevor Hilaiel, Assigned: zandr)

Tracking

Details

(Whiteboard: [needs CSR])

Attachments

(1 attachment)

(Reporter)

Description

7 years ago
User-Agent:       Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.29 (KHTML, like Gecko) Chrome/12.0.733.0 Safari/534.29
Build Identifier: 

A single domain cert should be fine.  If we could get EV for that fancy green bar there are some benefits to what we're trying to do.  If it ends up being overly costly, difficult, or slow, we can make due with a more basic cert.


Reproducible: Always

Comment 1

7 years ago
Need to add this to geotrust.  Also, need a CSR.  Blocked on that.

Comment 2

7 years ago
Added to geotrust.  Just need the CSR now.
Whiteboard: [needs CSR]
(Reporter)

Comment 3

7 years ago
Created attachment 533001 [details]
csr for browserid.org

here's a CSR for browserid, thanks for the help with the cert!
(Reporter)

Comment 4

7 years ago
ping?
(Assignee)

Comment 5

7 years ago
@                           IN  A       63.245.211.54
www                         IN  A       63.245.211.54

The framework of the public service is in place, and the cert has been ordered. 

I guess I need the cert from mrz and the key from Lloyd.
Assignee: server-ops-labs → zandr
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Comment 6

7 years ago
Dear Matthew Zeier,

Congratulations! GeoTrust has approved your request for a Enterprise SSL certificate. Your certificate is included at the end of this email.

INSTALLATION INSTRUCTIONS

1. INSTALL CERTIFICATE:
Install the X.509 version of your certificate included at the end of this e-mail.
For installation instructions for your SSL Certificate, go to:
http://www.geotrust.com/support/installation-instructions/index.html

2. INTERMEDIATE CERTIFICATE ADVISORY:
You MUST install the GeoTrust intermediate Certificate included at end of this e-mail on your server together with your Certificate or it may not operate correctly

You can also get your GeoTrust intermediate Certificates at:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&actp=CROSSLINK&id=AR1423

3. CHECK INSTALLATION:
Ensure you have installed your certificate correctly at:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO9557&actp=LIST

4. INSTALL THE GEOTRUST TRUE SITE SEAL:
Additionally, as part of your SSL Certificate Service, you are entitled to display the GeoTrust True Site Seal - recognized across the Internet and around the world as a symbol of authenticity, security, and trust - to build consumer confidence in your Web site.

Installation instructions for the GeoTrust True Site Seal can be found on the following link:
https://www.geotrust.com/support/true-businessid/true-site-seal/

Visit the GeoTrust Support Web site, where you will find a range of support tools to help you:
http://www.geotrust.com/support

Best regards,

GeoTrust Customer Support
http://www.geotrust.com/support
Hours of Operation: Mon - Fri 05:00 - 17:00 (PST)
Email:     esslorders@geotrust.com
Web:       http://www.geotrust.com
Phone:     1-866-436-8787 or 1-678-366-8399
Live Chat: http://www.geotrust.com/support


** MICROSOFT IIS and TOMCAT USERS
Microsoft and Tomcat users are advised to download a PKCS #7 formatted certificate from the GeoTrust User Portal:
https://products.geotrust.com/orders/orderinformation/authentication.do. PKCS #7 is the default format used by these vendors during installation and includes the intermediate CA certificate, you may also install the below web server certificate and intermediate CA certificate individually.

Web Server CERTIFICATE
-----------------

-----BEGIN CERTIFICATE-----
MIIEejCCA2KgAwIBAgIDAKGUMA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT
MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEYMBYGA1UEAxMPR2VvVHJ1c3QgU1NM
IENBMB4XDTExMDUyNjE1MTEzN1oXDTEzMDUyODA5MzEzN1owgZsxKTAnBgNVBAUT
IFh4R1dISzh5UjMwVWpWUGdCNS1EZE51TE16cTZkMUU4MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEcMBoG
A1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEWMBQGA1UEAxMNYnJvd3NlcmlkLm9y
ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMXyGq5MGiUp8AYWqIl
9301+YfLVjG/2DWAUSlYqbqUutezwjhyfmYFiGwz9yVGJMMypCOJrTMgJ5eyi94W
luPWfDmBbmQm4RyoGOvpf2KcmsBpFhRTAtxBF1RMpYHrDMWPhnop65XCqAiU3cWW
gCylpmTIKFxtVFBlDtbN+8fNIddfrlvQoDlvryIx5bEHeJ0Uv/FVNln9CMItKPaj
gt1ot3RTPTPznKrQSMphbtAkE3u/p3uALd6+uLFIG8FoQtJlaEYJ9lUyrhjTVYpe
nXBrKs6DhFyxC+7wD5qz8tdUIXWm4IH49eDsY8cq1Q892EkhlKbmQoioVilqJjeY
UgECAwEAAaOCAR8wggEbMB8GA1UdIwQYMBaAFEJ5VBthzVUrPmPVPEhX9Z/7Rc5K
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
GAYDVR0RBBEwD4INYnJvd3NlcmlkLm9yZzA9BgNVHR8ENjA0MDKgMKAuhixodHRw
Oi8vZ3Rzc2wtY3JsLmdlb3RydXN0LmNvbS9jcmxzL2d0c3NsLmNybDAdBgNVHQ4E
FgQUm/v3HoerCUCOkN7Ysuq2MH0b0kMwDAYDVR0TAQH/BAIwADBDBggrBgEFBQcB
AQQ3MDUwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9ndHNzbC1haWEuZ2VvdHJ1c3QuY29t
L2d0c3NsLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAjkZmSWTJGFbWUhkvEK1GTS84
PT4blndg0+qnXUVKa7M6HO97bI3doypBMmogs7vFu80YNZYXCJCnWigtDMaxQjjb
ah5sGK/t8lI6NJM8usDwzuGPNBG3T/Np8jXqv1jYh0vx54WGLo0PVkRztDXEsllK
gLrjKkQKMC0cg44lxwKVbz43vHqdQ42NkifvO5bbU4r7DSPMJX2T3cBMxrsLUwW1
ogAT79pL45z5rkA8yKqv4hbI7NwiQegKwPGKgyr9dTU/4fgXe3CEWBEpulR5S0YM
6GgVkJ44wJ7OhD4y+IZftLe9jBJWQNRpUUYSbCv0SHESBr817aTSt0Fb9XCXQw==
-----END CERTIFICATE-----


INTERMEDIATE CA:
---------------------------------------

-----BEGIN CERTIFICATE-----
MIID2TCCAsGgAwIBAgIDAjbQMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTAwMjE5MjIzOTI2WhcNMjAwMjE4MjIzOTI2WjBAMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xGDAWBgNVBAMTD0dlb1RydXN0
IFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJCzgMHk5Uat
cGA9uuUU3Z6KXot1WubKbUGlI+g5hSZ6p1V3mkihkn46HhrxJ6ujTDnMyz1Hr4Gu
FmpcN+9FQf37mpc8oEOdxt8XIdGKolbCA0mEEoE+yQpUYGa5jFTk+eb5lPHgX3UR
8im55IaisYmtph6DKWOy8FQchQt65+EuDa+kvc3nsVrXjAVaDktzKIt1XTTYdwvh
dGLicTBi2LyKBeUxY0pUiWozeKdOVSQdl+8a5BLGDzAYtDRN4dgjOyFbLTAZJQ50
96QhS6CkIMlszZhWwPKoXz4mdaAN+DaIiixafWcwqQ/RmXAueOFRJq9VeiS+jDkN
d53eAsMMvR8CAwEAAaOB2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFEJ5
VBthzVUrPmPVPEhX9Z/7Rc5KMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4
ysxOMBIGA1UdEwEB/wQIMAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDov
L2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZI
hvcNAQEFBQADggEBANTvU4ToGr2hiwTAqfVfoRB4RV2yV2pOJMtlTjGXkZrUJPji
J2ZwMZzBYlQG55cdOprApClICq8kx6jEmlTBfEx4TCtoLF0XplR4TEbigMMfOHES
0tdT41SFULgCy+5jOvhWiU1Vuy7AyBh3hjELC3DwfjWDpCoTZFZnNF0WX3OsewYk
2k9QbSqr0E1TQcKOu3EDSSmGGM8hQkx0YlEVxW+o78Qn5Rsz3VqI138S0adhJR/V
4NwdzxoQ2KDLX4z6DOW/cf/lXUQdpj6HR/oaToODEj+IZpWYeZqF6wJHzSXj8gYE
TpnKXKBuervdo5AaRTPvvz7SBMS24CqFZUE+ENQ=
-----END CERTIFICATE-----
(Reporter)

Comment 7

7 years ago
Zandr, the key is in 
/etc/ssl/browserid 
on
browserid.vm1.labs.sjc1.mozilla.com. IN A 10.110.4.49

Does that work for you?
(Assignee)

Comment 8

7 years ago
Worked great, the cert is installed in the load balancer and we're ready to go whenever you want to expose this to internet
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
(Reporter)

Comment 9

7 years ago
legendary!  we're ready to expose the vm right now.  it's going to be an iterative, out in the open thingy.  Shall I open another ticket requesting the balancer point at the vm?
(Assignee)

Comment 10

7 years ago
Please do. My normal MO is to do ssl decrypt on the balancer, redirect http to https, and hand it all to the origin server at plaintext http on port 80.

If you want something different, put that in the new bug.
(Assignee)

Comment 11

7 years ago
We need to re-issue this cert from the CSR below so we get both the www. and the bare domain.


-----BEGIN CERTIFICATE REQUEST-----
MIIDRTCCAi0CAQAwgbMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRwwGgYDVQQKExNNb3ppbGxhIENvcnBv
cmF0aW9uMRYwFAYDVQQLEw1JVCBPcGVyYXRpb25zMRowGAYDVQQDExF3d3cuYnJv
d3NlcmlkLm9yZzElMCMGCSqGSIb3DQEJARYWaG9zdG1hc3RlckBtb3ppbGxhLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZal5tT6mZqKE3RM3SK
zi9E9rjhKypv2iSD3EQDFb6Uuy/fLQxQzE49QTI8FO+w7T1Hmubpsoisf4D1MRjD
iInL3JCZIZ+M7yfDc4vc32s4/+Fb0ONrdf93Qo2OOcLt/TAwrHfhkz7QLBmpaMP4
2GYJ/pTSb4NS+DrV27xz52XOn+rjqE6aOoOyvClnMoFtOrwjPStd5Wpb4OvVO081
M0kDCMxo8fGbypOS5+A2lp4GnstMHHvQIXHqV2Jm6X1qNG/v6FBBON0H6xc5TfN4
Wh0gpS1cyCB+5Dr/Q7AOaV3lPZMJBgChCgjsV9KbS7DZTn0N4BF0MpvvaAnhWEhC
e8cCAwEAAaBMMEoGCSqGSIb3DQEJDjE9MDswEQYJYIZIAYb4QgEBBAQDAgZAMAwG
A1UdEwEB/wQCMAAwGAYDVR0RBBEwD4INYnJvd3NlcmlkLm9yZzANBgkqhkiG9w0B
AQUFAAOCAQEASAjpikAFk0jUuADT89tFj1J1NSR5ZxG4krt93g3+LuX+EXifgs9d
ZvoRLNf5kXDjU1gzmMcQ8IPcQr8167QbjU9iQv0nx/RyLKGIGux2kvyds5FZjCTP
jXW3S8LpgYG8CHkCCTA9nXgR6EXiSjLz0nD8MhqZ7FqhyXeqkKsGueTxXHDOGAiS
Fyd0oxTblynkoWQhEuEcVYXWitt82kKDKCX8nZI5nCa4bZhjMv7fRbw5bELHsmmH
sVzYTz/cwvS9gDbrj4bJ7R2aesF7U7ltDVUJt/Y/pMe8RjmY2Xk+IDdVSNsOfKmx
gxVG597fS4pUYJmxj0E9fyXLg8Fdrym22Q==
-----END CERTIFICATE REQUEST-----
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Assignee)

Comment 12

7 years ago
New cert installed.
Status: REOPENED → RESOLVED
Last Resolved: 7 years ago7 years ago
Resolution: --- → FIXED

Updated

5 years ago
See Also: → bug 894965
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.