Add nagios checks for SSL certificates on mozqa.com

RESOLVED FIXED

Status

mozilla.org Graveyard
Server Operations
RESOLVED FIXED
6 years ago
3 years ago

People

(Reporter: whimboo, Assigned: rbryce)

Tracking

Details

(URL)

(Reporter)

Description

6 years ago
We are missing nagios checks for our SSL certificates on mozqa.com. Please add those for the following certificates / virtual hosts:

www.mozqa.com with an OV certificate.
ssl-ov.mozqa.com at 67.23.44.24 with an OV certificate. (from bug 639936).
ssl-dv.mozqa.com at 67.23.47.228 with a DV certificate (from bug 639932).

Not sure if we can also manage a self-signed cert we would also have to re-new internally:

ssl-selfsigned.mozqa.com at 67.23.47.254 with a self-signed certificate (from bug 639939).

More information see the attached URL.
Assignee: server-ops → afernandez
(Assignee)

Comment 1

6 years ago
I added the checks for the ssl-ov and ssl-dv.  I can make a check for your ssl-selfsigned, however Op-Sec and myself would like to know the use of the selfsigned certificate.  Selfsigned certs are usually not allowed on public facing sites.
Assignee: afernandez → rbryce.bugs
(Assignee)

Comment 2

6 years ago
Your checks are working.  FYI- ssl-ov.mozqa.com is Expired 

[13:38:29] <nagios-scl3> rbryce: ssl-dv.mozqa.com:HTTPS - SSL Cert expiration is OK - OK - Certificate will expire on 07/06/2014 12:14.


[13:38:49] <nagios-scl3> rbryce: ssl-ov.mozqa.com:HTTPS - SSL Cert expiration is CRITICAL - CRITICAL - Certificate expired on 06/24/2012 21:28.
(Reporter)

Comment 3

6 years ago
(In reply to Rick Bryce [:rbryce] from comment #1)
> ssl-selfsigned, however Op-Sec and myself would like to know the use of the
> selfsigned certificate.  Selfsigned certs are usually not allowed on public
> facing sites.

Rick, we make use of self-signed certs for our manual (Litmus and Moztrap) and Mozmill tests. Therefore mozqa.com has been setup to handle all of those requests.

Comment 4

6 years ago
Henrik,

We generally discourage the use of self-signed certs, even in staging/development/qa environments. I see that you are using it for "testing", but could you explain why your testing needs a self-signed cert?
(Reporter)

Comment 5

6 years ago
(In reply to Joe Stevensen [:joes] from comment #4)
> We generally discourage the use of self-signed certs, even in
> staging/development/qa environments. I see that you are using it for
> "testing", but could you explain why your testing needs a self-signed cert?

Because we in QA have to test that we correctly handle self-signed certificates with Firefox. How would you do that if you don't have a self-signed certificate used by one of our testing web sites? As said, mozqa.com has been setup to support that on the above given dedicated sub domain only. Otherwise we also run HTTP and HTTPS via all kinds of SSL certs too.

Comment 6

6 years ago
Henrik, 

That makes complete sense. We're fine with using these certs for Firefox testing.
(Assignee)

Comment 7

6 years ago
All 3 checks are in place.  Thx Op-sec, for the input.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
(Reporter)

Comment 8

6 years ago
Thanks a lot for the quick turnaround!
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.