SSL certificate request for moztw.org, *.moztw.org, and gfx.tw

RESOLVED INCOMPLETE

Status

RESOLVED INCOMPLETE
6 years ago
5 years ago

People

(Reporter: petercpg, Unassigned)

Tracking

Details

(Whiteboard: [triaged 20121109][approved][needinfo])

Hi there, 

We would like to apply SSL certificates for following domains. Is it needed to provide more information or to attach CSRs?

1) moztw.org
2) *.moztw.org

Mozilla Taiwan Community (MozTW) is the localizing and local supporting community of Mozilla. We provide localized information about Mozilla, Product Download (linked to download.m.o), Forum, Wiki, and other services.

3) gfx.tw

gfx.tw is a open-sourced Firefox add-on promoting and suggesting website made by MozTW members.
Whiteboard: [approved]
Assignee: nobody → arzhel
Component: Community IT Requests → Server Operations
Product: Mozilla Reps → mozilla.org
QA Contact: jdow
Version: unspecified → other
Arzhel, any update?
QA Contact: jdow → shyam

Updated

6 years ago
Component: Server Operations → Community IT Requests
Product: mozilla.org → Mozilla Reps
QA Contact: shyam
Version: other → unspecified
Please don't move these bugs to Server Operations, thanks!
This needs first the approval from Mozilla Reps, then if you get a green light, it can be moved to IT to be processed.
Assignee: arzhel → nobody

Comment 4

6 years ago
(In reply to Arzhel Younsi [:XioNoX] (On vacation until October) from comment #3)
> This needs first the approval from Mozilla Reps, then if you get a green
> light, it can be moved to IT to be processed.

Didn't William Duyck approve this on 8/1 and move to IT on 8/15?
Yes! Adding the flag for good measure :)
Flags: remo-approval+
WebOps, can you create the requested SSL certificates?
Assignee: nobody → server-ops-webops
Component: Community IT Requests → Server Operations: Web Operations
Flags: remo-approval+
Product: Mozilla Reps → mozilla.org
QA Contact: cshields
Version: unspecified → other
Really Arzhel? We don't do wildcard SSL certs anymore. For us to also get SSL certs, we need to own those domains. Do we?
(In reply to Shyam Mani [:fox2mike] from comment #7)
> Really Arzhel? We don't do wildcard SSL certs anymore. For us to also get
> SSL certs, we need to own those domains. Do we?

Just wanna make sure about the policy, is it needed to transfer these domain's ownership to Mozilla when issuing Certs?

https://wiki.mozilla.org/MCS:Hosting#SSL_Certificate did not say so, but if the answer is yes, we would cancel the request.
Peter, to clarify :

We prefer to buy SSL certs from Geotrust, through our account with them. They will not allow us to issue certs for domains that are not owned by us. 

There are possibly other options like digicert, but I'm not sure what MCS has done in the past. Arzhel?

Updated

6 years ago
Summary: SSL certicifate request for moztw.org, *.moztw.org, and gfx.tw → SSL certificate request for moztw.org, *.moztw.org, and gfx.tw
Flags: needinfo?(arzhel)
Whiteboard: [approved] → [triaged 20121109][approved][needinfo]
In the past we only ordered certs for domains owned by us, so this request is a first time for us.
Flags: needinfo?(arzhel)
Any update? Do we still wanna help Remos order certs their mozilla-related sites?

Comment 12

5 years ago
From webops point of view we are happy to help in any way we can. Currently we must own the domain to issue certificates. It seems this is not an option as per c#8. We are looking into other vendors for SSL certs but the final decision has not been made and I am not sure what the policy will be at that time. At the moment the policy is driven by our vendor and we have no control over it.

I am going to close this bug now but please reopen if I have misunderstood the previous comment. Further you may wish to ping this again after a while to see if there have been any changes to the policy.

Regards
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INCOMPLETE
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.