We are missing nagios checks for our SSL certificates on mozqa.com. Please add those for the following certificates / virtual hosts: www.mozqa.com with an OV certificate. ssl-ov.mozqa.com at 18.104.22.168 with an OV certificate. (from bug 639936). ssl-dv.mozqa.com at 22.214.171.124 with a DV certificate (from bug 639932). Not sure if we can also manage a self-signed cert we would also have to re-new internally: ssl-selfsigned.mozqa.com at 126.96.36.199 with a self-signed certificate (from bug 639939). More information see the attached URL.
I added the checks for the ssl-ov and ssl-dv. I can make a check for your ssl-selfsigned, however Op-Sec and myself would like to know the use of the selfsigned certificate. Selfsigned certs are usually not allowed on public facing sites.
Assignee: afernandez → rbryce.bugs
Your checks are working. FYI- ssl-ov.mozqa.com is Expired [13:38:29] <nagios-scl3> rbryce: ssl-dv.mozqa.com:HTTPS - SSL Cert expiration is OK - OK - Certificate will expire on 07/06/2014 12:14. [13:38:49] <nagios-scl3> rbryce: ssl-ov.mozqa.com:HTTPS - SSL Cert expiration is CRITICAL - CRITICAL - Certificate expired on 06/24/2012 21:28.
(In reply to Rick Bryce [:rbryce] from comment #1) > ssl-selfsigned, however Op-Sec and myself would like to know the use of the > selfsigned certificate. Selfsigned certs are usually not allowed on public > facing sites. Rick, we make use of self-signed certs for our manual (Litmus and Moztrap) and Mozmill tests. Therefore mozqa.com has been setup to handle all of those requests.
Henrik, We generally discourage the use of self-signed certs, even in staging/development/qa environments. I see that you are using it for "testing", but could you explain why your testing needs a self-signed cert?
(In reply to Joe Stevensen [:joes] from comment #4) > We generally discourage the use of self-signed certs, even in > staging/development/qa environments. I see that you are using it for > "testing", but could you explain why your testing needs a self-signed cert? Because we in QA have to test that we correctly handle self-signed certificates with Firefox. How would you do that if you don't have a self-signed certificate used by one of our testing web sites? As said, mozqa.com has been setup to support that on the above given dedicated sub domain only. Otherwise we also run HTTP and HTTPS via all kinds of SSL certs too.
Henrik, That makes complete sense. We're fine with using these certs for Firefox testing.
All 3 checks are in place. Thx Op-sec, for the input.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Thanks a lot for the quick turnaround!
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.