Closed
Bug 783689
Opened 12 years ago
Closed 11 years ago
Need an SSL cert for beta.openbadges.org
Categories
(Infrastructure & Operations Graveyard :: WebOps: Other, task, P4)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: chris, Assigned: cturra)
Details
(Whiteboard: [triaged 20120824])
beta isn't the final url though, if possible a wildcard cert for openbadges.org would be ideal.
Comment 1•12 years ago
Chris, We are generally not doing wildcard SSL certs these days. I will cc Michael Coates for his thoughts / approval for this. In the meantime I have submitted a request to have the openbadges.org domain added to our authorized list of domains in Geotrust (our SSL cert provider) so I can get certs for this domain. This process typically takes about 2 business days and is necessary whether we get a wildcard cert or not.
Updated•12 years ago
Whiteboard: [waiting][Approval]
Comment 2•12 years ago
The domain has been added to Geotrust. Just waiting for discussion / approval from security.
Reporter | ||
Comment 3•12 years ago
Do they know? Or am I supposed to contact them?
Comment 4•12 years ago
Chris, I cc mcoates but if you contact someone directly it may speed up the process. TBH I am not positive who is the decider for these things now only that mcoates probably knows who is.
Comment 5•12 years ago
cmac: can you just list a bunch of domains you want certs for? AFAIK we're really trying to phase out wildcards so the former way will go much faster I believe. If we have a real need for a wildcard, list it here.
Comment 6•12 years ago
(In reply to David Ascher (:davida) from comment #5)
> cmac: can you just list a bunch of domains you want certs for? AFAIK we're
> really trying to phase out wildcards so the former way will go much faster I
> believe. If we have a real need for a wildcard, list it here.

Would be great to do a subject alternate name cert where we list the domains specifically (as davida recommends). Let's chat more if this isn't possible.
Updated•12 years ago
Priority: -- → P3
Whiteboard: [waiting][Approval] → [triaged 20120824][waiting][Approval]
Comment 7•12 years ago
(In reply to Chris McAvoy from comment #0)
> beta isn't the final url though, if possible a wildcard cert for
> openbadges.org would be ideal.

I wouldn't block on the final name - certs are overly expensive. We can also re-issue SAN certs with new names without penalty.
Comment 8•12 years ago
Renormalizing priority levels... P4 is "normal" now.

I presume mrz meant certs are *not* overly expensive. SAN and wildcard certs do cost more than basic ones, though (just so we're on the same page).

@cmac: are we still okay to go ahead with a basic cert for beta.openbadges.org? Where would this be hosted? The IP that beta.openbadges.org resolves to doesn't seem to go to our Zeus LBs, but it is a Mozilla-controlled IP. It's not a site I am familiar with...
Priority: P3 → P4
Whiteboard: [triaged 20120824][waiting][Approval] → [triaged 20120824][waiting][needinfo]
Reporter | ||
Comment 9•12 years ago
Hi all, I just realized that this ticket died with a ball in my court. Can I confirm that you all are waiting on 2 things from me, 1) a list of the sub-domains we want to be SSL'd, and 2) the location of the server? Is that it? If so, I can get answers tomorrow morning...
Comment 10•12 years ago
(In reply to Chris McAvoy from comment #9)
> Hi all, I just realized that this ticket died with a ball in my court. Can I
> confirm that you all are waiting on 2 things from me, 1) a list of the
> sub-domains we want to be SSL'd, and 2) the location of the server?
>
> Is that it? If so, I can get answers tomorrow morning...

Yes, please provide a list of the domains and we'll order a SAN certificate for them.

Thanks!
Reporter | ||
Comment 11•12 years ago
beta.openbadges.org
staging.openbadges.org
api.openbadges.org
www.openbadges.org
openbadges.org

Thanks!
Assignee | ||
Updated•12 years ago
Assignee: server-ops-webops → cturra
Assignee | ||
Comment 12•12 years ago
SAN certificate ordered. waiting on approval process from our ca, which can take up to a couple business days.
Status: NEW → ASSIGNED
Assignee | ||
Updated•12 years ago
Whiteboard: [triaged 20120824][waiting][needinfo] → [triaged 20120824][pending ca approval]
Assignee | ||
Comment 13•12 years ago
you can find the key on ssl1.private.phx1. let me know if you need a hand with that.

X509v3 Subject Alternative Name:
    DNS:www.openbadges.org, DNS:api.openbadges.org, DNS:staging.openbadges.org, DNS:beta.openbadges.org, DNS:openbadges.org

web server cert:
[PEM certificate]

geotrust intermediate cert:
[PEM certificate]
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [triaged 20120824][pending ca approval] → [triaged 20120824]
Comment 14•11 years ago
Hello,

I've just emailed Chris regarding acquiring the private keys for the SAN cert, but in the near term, can we please add backpack.openbadges.org to the SAN please. Acknowledging that can take a couple days, the timeline we're looking at for launch is Thursday being in QA.

I appreciate the help, many thanks!

JP
johns@mozillafoundation.org
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Updated•11 years ago
Flags: needinfo?
Assignee | ||
Comment 15•11 years ago
JP - i have completed the signing of a new SAN cert that includes this new alternative domain. during the process i had to generate a new csr/private key - you can find those on ssl1.private.phx1. ping :gozer for it if you do not have access.
Status: REOPENED → RESOLVED
Closed: 12 years ago → 11 years ago
Flags: needinfo?
Resolution: --- → FIXED
Comment 16•11 years ago
Key sent to jp
Comment 17•11 years ago
Sorry to reopen! Can we please add backpack.openbadges.org to the SAN?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 18•11 years ago
Or, rather, verify it is on the list?
Assignee | ||
Comment 19•11 years ago
JP - this certificate already includes backpack.openbadges.org. you can see this using the following `openssl` command:

$ openssl x509 -text -in <public_cert>
...
X509v3 Subject Alternative Name:
    DNS:www.openbadges.org, DNS:api.openbadges.org, DNS:staging.openbadges.org, DNS:beta.openbadges.org, DNS:backpack.openbadges.org, DNS:openbadges.org
Status: REOPENED → RESOLVED
Closed: 11 years ago → 11 years ago
Resolution: --- → FIXED
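Added example, not part of the bug thread or of any Mozilla tooling: a shell helper that runs the check from comment 19 against a whole list of required hostnames, and shows why a wildcard entry would not have covered the apex `openbadges.org`. The function names and the embedded sample text are constructed for illustration; with a real certificate, call `missing_sans "$(openssl x509 -noout -text -in cert.pem)" host1 host2 ...`.

```shell
#!/bin/sh
# Added example: report required hostnames that a certificate's SAN list does not cover.

# Constructed sample in `openssl x509 -noout -text` layout (SAN list from comment 13).
SAMPLE_CERT_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:www.openbadges.org, DNS:api.openbadges.org, DNS:staging.openbadges.org, DNS:beta.openbadges.org, DNS:openbadges.org
            X509v3 Basic Constraints: critical
                CA:FALSE'

# Read `openssl x509 -text` output on stdin; print the DNS SAN entries, one per line.
san_names() {
  awk '/X509v3 Subject Alternative Name/ { getline; print; exit }' |
    tr ',' '\n' |
    sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
    tr '[:upper:]' '[:lower:]'
}

# Succeed if hostname $1 is covered by SAN entry $2. A wildcard entry stands for
# exactly one left-most label: *.example.org covers a.example.org, but neither
# example.org nor a.b.example.org.
name_matches() {
  _host=$1; _entry=$2
  case $_entry in
    '*.'*)
      _suffix=${_entry#?}                 # drop the leading "*"
      _label=${_host%"$_suffix"}          # what the "*" would have to stand for
      [ "$_label" != "$_host" ] || return 1
      case $_label in ''|*.*) return 1 ;; esac
      return 0 ;;
    *) [ "$_host" = "$_entry" ] ;;
  esac
}

# missing_sans CERT_TEXT HOST...: print each HOST that no SAN entry covers.
missing_sans() {
  _names=$(printf '%s\n' "$1" | san_names); shift
  for _want in "$@"; do
    _want=$(printf '%s' "$_want" | tr '[:upper:]' '[:lower:]')
    _covered=no
    while IFS= read -r _san; do
      if name_matches "$_want" "$_san"; then _covered=yes; break; fi
    done <<EOF
$_names
EOF
    [ "$_covered" = yes ] || printf '%s\n' "$_want"
  done
}
```

Empty output means every required name is present; running it before a launch catches a missing name such as `backpack.openbadges.org` while there is still time for the CA to re-issue.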
Comment 20•11 years ago
Ah, excellent trick thanks! Also, gracias for verifying!
Updated•11 years ago
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Updated•5 years ago
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard