Closed Bug 701331 Opened 14 years ago Closed 14 years ago

Mozilla Labs (mozillalabs.com) SSL certificate has expired

Categories

(Infrastructure & Operations Graveyard :: WebOps: Labs, task)

Product:
Infrastructure & Operations Graveyard
Component:
WebOps: Labs
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kohei, Assigned: cliang)

References

(
URL
)

Details

No description provided.
OS: Mac OS X → All
Hardware: x86 → All
I think we decided to not renew this. Passing to Zandr for comment. Punt back to server-ops with CSR if this does need to be renewed.
Assignee: server-ops → server-ops-labs
Component: Server Operations → Server Operations: Labs
QA Contact: cshields → zandr
Summary: Mozilla Labs SSL cert has expired → Mozilla Labs (mozillalabs.com) SSL certificate has expired
I suspect I am seeing an error in my Firefox because Test Pilot is installed, and it's trying to do do some sort of update ping to look for new tests. This means all Test Pilot installations will see it! Please get a new cert ASAP. Gerv
Sorry, I'm smoking crack. The errors are appearing in Thunderbird - and more than one. Could be Thunderbird Conversations... Anyway, there's something out there which needs this cert. Gerv
It is Test Pilot, I think: http://mxr.mozilla.org/mozilla-central/search?string=mozillalabs.com http://mxr.mozilla.org/comm-central/search?string=mozillalabs.com There's code there which does an explicit check for the cert - but I think actually the cert error will get thrown even before that check is reached. Gerv
(In reply to Shyam Mani [:fox2mike] from comment #1) > I think we decided to not renew this. Passing to Zandr for comment. Punt > back to server-ops with CSR if this does need to be renewed. Not sure where mozillalabs.com is hosted from (dyna-labs.nslb.sj.mozilla.com.), but in the labs Zeus cluster, there is a ssl certificate for *.mozillalabs.com that doesn't expire for a while. We should probably just swap this certificate in to replace the one that expired.
:gozer- Please do. You can find the certs on the Zeus in /usr/local/zeus/zxtm/conf/ssl/server_keys if nowhere else. I'm behind truly horrid connectivity here in the hotel in Berlin. It's just the netscaler that needs updating.
(In reply to Shyam Mani [:fox2mike] from comment #1) > I think we decided to not renew this. Passing to Zandr for comment. Punt > back to server-ops with CSR if this does need to be renewed. Test Pilot still needs it! The client needs to verify the identity of the server before downloading remote code to execute. It's mission-critical for the User Research team. Can we increase the priority?
Assignee: server-ops-labs → gozer
(In reply to Gervase Markham [:gerv] from comment #5) > It is Test Pilot, I think: > > http://mxr.mozilla.org/mozilla-central/search?string=mozillalabs.com > http://mxr.mozilla.org/comm-central/search?string=mozillalabs.com This is strange, as this code looks like it's checking in with testpilot.mozillalabs.com, which is a different, and valid certificate. > There's code there which does an explicit check for the cert - but I think > actually the cert error will get thrown even before that check is reached. Would be interesting to track down what is talking to mozillalabs.com directly.
Thanks to dmoore, we now have the new, valid certificate in place.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
(In reply to Jono X from comment #8) > Test Pilot still needs it! The client needs to verify the identity of the > server before downloading remote code to execute. It's mission-critical for > the User Research team. Can we increase the priority? Jono- It was only the certificate on https://mozillalabs.com (the old website) that expired. https://testpilot.mozillalabs.com was fine. We need to figure out what in testpilot is hitting the labs (wordpress) site, since it's due for an overhaul anyway.
Someone needs to check the logs on mozillalabs.com. I tried using wireshark for a while to see if it could catch anything, but it didn't. And reading code doesn't seem to have helped. Gerv
https://mozillalabs.com/ certificate expired again: mozillalabs.com utilise un certificat de sécurité invalide. Le certificat a expiré le 28/06/2013 01:33. La date courante est 28/06/2013 10:54. (Code d'erreur : sec_error_expired_certificate)
Assignee: gozer → cliang
The SSL certificate was recently renewed but the service hosting mozillalabs.com was not updated. I believe that I have fixed it. Please let me know if it works for you. cliang-07757:~ cliang$ curl -v https://mozillalabs.com * About to connect() to mozillalabs.com port 443 (#0) * Trying 63.245.217.86... connected * Connected to mozillalabs.com (63.245.217.86) port 443 (#0) * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using RC4-SHA * Server certificate: * subject: serialNumber=8DZwltU1cw7OP-08XVgEwK/bh8Icw4zX; C=US; ST=California; L=Mountain View; O=Mozilla Corporation; OU=Mozilla Labs; CN=*.mozillalabs.com * start date: 2013-06-24 19:57:04 GMT * expire date: 2015-08-26 21:24:59 GMT * subjectAltName: mozillalabs.com matched * issuer: C=US; O=GeoTrust, Inc.; CN=GeoTrust SSL CA * SSL certificate verify ok.
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.