Closed Bug 749273 Opened 12 years ago Closed 12 years ago

Bad cert on wiki.mozilla.org?

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

Product:
Infrastructure & Operations Graveyard
Component:
WebOps: Other
Platform:
All
Other
Type:
task
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: clouserw, Assigned: bburton)

References

Details

+++ This bug was initially created as a clone of Bug #745967 +++

I can't reproduce this but it's the same tbpl problem we've been having.  See https://forums.mozilla.org/addons/viewtopic.php?f=30&t=9683&p=20803
I can't reproduce this, directly (in my normal Firefox profile), either...however, some interesting results...

DigiCert's Cert Tester says it's fine...

https://www.digicert.com/help/?host=wiki.mozilla.org

SSL Labs's Cert Tester says "Certificate not valid for domain name" pointing to tbpl.mozilla.org

https://www.ssllabs.com/ssltest/analyze.html?d=wiki.mozilla.org&hideResults=on

They both report the same IP, 63.245.217.86 for wiki.mozilla.org (& traceroute on the IP says: generic.zlb.phx.mozilla.net), so I don't know how they can get different results.

In any case, this is confirmed by the SSL Labs results.

(I don't know if I need to, but I don't think I have permission to edit/add to the URL field of this bug?...I would point it at the SSL Labs results, since it confirms the bug)
Unfortunately, this appears to be a lack of SNI support from various things. 

webops is looking into a permanent resolution
Assignee: server-ops → bburton
Status: NEW → ASSIGNED
(In reply to Wil Clouser [:clouserw] from comment #0)
> +++ This bug was initially created as a clone of Bug #745967 +++
> 
> I can't reproduce this but it's the same tbpl problem we've been having. 
> See https://forums.mozilla.org/addons/viewtopic.php?f=30&t=9683&p=20803

Where have you been having this problem? (since you mention same tbpl problem..)
The problem referred to before was when we moved forums to PHX and had to add the two SAN to the forums.m.o certificate.
(In reply to Brandon Burton [:solarce] from comment #4)
> The problem referred to before was when we moved forums to PHX and had to
> add the two SAN to the forums.m.o certificate.

Wasn't that an entirely unrelated issue though?
Unrelated in cause, but seeming related in that a user saw the same cert error, but once for forums.amo and once for wikimo
Upon looking for any certificate related info in my Firefox settings, I found this...
Under Tools -> Options -> Advanced -> Encryption Tab, I noticed that "Use TLS 1.0" was not checked, only "Use SSL 3.0 was checked".
So, based on info I received about SNI, I thought I would try also checking the box for "Use TLS 1.0", to see what would happen, and then I was able to access the site in question.  Maybe someone else can try unchecking that box to see if it reproduces the problem.

So, this problem appears to be fixed for me now, provided that is the proper default setting, yet I have no idea how it may have gotten changed.  I do recall having a disastrous update to Firefox sometime prior to that, where all of my addons were lost and had to be reinstalled, but I don't know if that could be related.  I had not tried this before, because I don't make a habit of changing settings that I am not familiar with.
Sorry for any trouble I may have caused, and thank you for the help.
wiki.mozilla.org has been given it's own IP, so users who don't have SNI support will no longer see certificate issues.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.