Closed Bug 731487 Opened 13 years ago Closed 13 years ago

https://air.mozilla.org - invalid cert

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

Product:
Infrastructure & Operations Graveyard
Component:
WebOps: Other
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: mozilla, Assigned: fox2mike)

Details

I'm using Convergence ( http://convergence.io/ ) and am unable to get to air.mozilla.org because of a bad cert without disabling it. It's currently using tbpl's cert and should have its own. Alternatively, http should stop redirecting to https. Is this a self-signed cert? Hoping that creating a cert for air.mozilla.org will fix it.
This probably means convergence.io isn't respecting SNI (http://en.wikipedia.org/wiki/Server_Name_Indication). SNI is awesome because it allows us to have multiple websites with SSL on a single IP, without wasting an IP per SSL enabled site. I don't think we should be moving away from that either. I'm not sure what you want us to fix when it's your addon that's broken :)
Assignee: server-ops → shyam
Component: Server Operations → Server Operations: Web Operations
QA Contact: phong → cshields
Here is proof that the certificate isn't the issue : fox2mike@woodpecker ~ $ curl -v -I -L https://air.mozilla.org/ * About to connect() to air.mozilla.org port 443 (#0) * Trying 63.245.217.86... * connected * Connected to air.mozilla.org (63.245.217.86) port 443 (#0) * found 165 certificates in /etc/ssl/certs/ca-certificates.crt * server certificate verification OK * common name: air.mozilla.org (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: serialNumber=c53a1PphN0FeL9ofPUwWSW5DaQ5xgwLp,C=US,ST=California,L=Mountain View,O=Mozilla Corporation,OU=IT,CN=air.mozilla.org * start date: Sun, 27 Nov 2011 06:03:18 GMT * expire date: Fri, 29 Nov 2013 18:17:27 GMT * issuer: C=US,O=GeoTrust\, Inc.,CN=GeoTrust SSL CA * compression: NULL * cipher: ARCFOUR-128 * MAC: SHA1 > HEAD / HTTP/1.1 > User-Agent: curl/7.24.0 (i686-pc-linux-gnu) libcurl/7.24.0 GnuTLS/2.10.5 zlib/1.2.5 > Host: air.mozilla.org > Accept: */* And for the sake of showing this works : fox2mike@woodpecker ~ $ curl -v -I -L https://tbpl.mozilla.org/ * About to connect() to tbpl.mozilla.org port 443 (#0) * Trying 63.245.217.86... * connected * Connected to tbpl.mozilla.org (63.245.217.86) port 443 (#0) * found 165 certificates in /etc/ssl/certs/ca-certificates.crt * server certificate verification OK * common name: tbpl.mozilla.org (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: serialNumber=I1oZ-yurbFWiPu/xP8HIzW3f9mApQvMv,C=US,ST=California,L=Mountain View,O=Mozilla Corporation,OU=IT,CN=tbpl.mozilla.org * start date: Sun, 27 Nov 2011 19:32:01 GMT * expire date: Fri, 29 Nov 2013 20:26:17 GMT * issuer: C=US,O=GeoTrust\, Inc.,CN=GeoTrust SSL CA * compression: NULL * cipher: ARCFOUR-128 * MAC: SHA1 > HEAD / HTTP/1.1 > User-Agent: curl/7.24.0 (i686-pc-linux-gnu) libcurl/7.24.0 GnuTLS/2.10.5 zlib/1.2.5 > Host: tbpl.mozilla.org > Accept: */*
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Alternatively, if convergence.io is blaming air.mozilla.org for mixed-mode SSL, let me know. That is something that is happening right now and that usually shouldn't be the case.
Looks like https://github.com/moxie0/Convergence/issues/28 . Thanks Shyam!
<3
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.