Closed Bug 802948 Opened 13 years ago Closed 13 years ago

Need new cert so we can migrate donate.mozilla.org to sendto.mozilla.org

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: bsimon, Assigned: cturra)

We want to start using a different domain for what is currently donate.mozilla.org, since we use the pages on that domain for much more than fundraising campaigns. We'd like to switch to sendto.mozilla.org. The constituent relationship management tool we use -- Blue State Digital -- has told us that we need to get the certificate for it, and then they can issue the CSR, and they'll make sure all the old URLs out in the ether using donate.mozilla.org will resolve correctly. Anything else needed from us?
Ben - before we issue a certificate for this new service, i would like to request a little more background on the project. can you please link this bug as a dependency to the project tracking bug and any security review that has been done for blue state digital? additionally, the csr (certificate signing request) would come before the certificate since it's used to do the signing by a certificate authority.
Assignee: server-ops-webops → cturra
Hey Chris -- just to clarify, it's not a new service. We've been using Blue State for ~2 years, and it's already undergone its many reviews; this is just about moving the same stuff to a new subdomain. Does that change anything? I'm happy to hunt for the initial security bugs from a couple of years ago if you need em.
If we are just migrating the subdomain, then I don't think additional testing is required, but we should get feedback from the opsec team. I will ask them to take a look at this.
OpSec is ok with this.
thnx :joes & :yvan! Ben - can you have the vendor provide a little more detail about what they need from us for digital certificate signing? do you want me to generate a certificate signing request (csr) for them to use?
Adding Seth from BSD.
Seth - can you please provide your feedback on my comment 6 above?
Chris, the last time we did this we generated the CSR and then sent it to you. You then sent us a GeoTrust cert to install. That still works for us. Is that still good for you?
(In reply to Seth Reznik from comment #9)
> Chris, the last time we did this we generated the CSR and then sent it to you.
sure, that works for us. go ahead and have the csr generated -- you can paste it inline in this bug when it's ready.
here's that CSR:
Seth - the following is the signed certificate and our CA's intermediate.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
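The exchange in this bug (the vendor generates the CSR, the CA-signed certificate is sent back for install) leaves one check for the receiving side: that the returned certificate carries the CSR's public key and names the expected host. A sketch of that check with the openssl CLI, added here and not part of the original bug; the function names, keys, stand-in CA and file names are constructed throwaway fixtures.

```shell
#!/usr/bin/env bash
# Added example: every key, CSR and certificate below is a constructed fixture.

# SHA-256 over the DER public key in a CSR ("req") or certificate ("x509").
pubkey_digest() {  # $1 = req|x509, $2 = PEM file
  pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$pem" ] || return 1   # unparsable input must never hash as "empty"
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only if the cert holds the CSR's key and is valid for the hostname.
cert_matches_csr() {  # $1 = CSR, $2 = certificate, $3 = expected hostname
  csr_fp=$(pubkey_digest req "$1") && crt_fp=$(pubkey_digest x509 "$2") &&
    [ "$csr_fp" = "$crt_fp" ] || { echo "public key mismatch"; return 1; }
  openssl x509 -in "$2" -noout -checkhost "$3" | grep -q 'does match' ||
    { echo "certificate not valid for $3"; return 1; }
  echo "ok"
}

# Build fixtures in directory $1: a CSR, a cert issued from it by a stand-in
# CA, and an unrelated cert for the same name but a different key.
make_fixtures() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/site.key" \
    -out "$1/site.csr" -subj "/CN=sendto.mozilla.org" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" \
    -out "$1/ca.pem" -subj "/CN=Constructed Test CA" -days 1 2>/dev/null
  openssl x509 -req -in "$1/site.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/site.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/other.key" \
    -out "$1/other.pem" -subj "/CN=sendto.mozilla.org" -days 1 2>/dev/null
}

work=$(mktemp -d)
make_fixtures "$work"
# Issued cert against its own CSR and the intended host.
cert_matches_csr "$work/site.csr" "$work/site.pem" sendto.mozilla.org || true
# Same subject name, different key pair: must be rejected.
cert_matches_csr "$work/site.csr" "$work/other.pem" sendto.mozilla.org || true
# Right key, but checked against the old hostname.
cert_matches_csr "$work/site.csr" "$work/site.pem" donate.mozilla.org || true
```

Comparing public-key digests rather than subject names is what catches a certificate issued for the right hostname but the wrong key pair.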
Thanks, I am sending this to my systems team now. I will let you know if there are any questions.
Can you guys set the DNS for this sub-domain:
sendto.mozilla.org. IN CNAME secure-mozilla-1.bsdtools.com.
Seth - i have committed this DNS change for you. it might take a little bit more time to propagate this record around the Internet.

$ dig @ns1.mozilla.org sendto.mozilla.org

; <<>> DiG 9.7.6-P1 <<>> @ns1.mozilla.org sendto.mozilla.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50726
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;sendto.mozilla.org. IN A

;; ANSWER SECTION:
sendto.mozilla.org. 600 IN CNAME secure-mozilla-1.bsdtools.com.

;; Query time: 58 msec
;; SERVER: 63.245.215.5#53(63.245.215.5)
;; WHEN: Thu Nov 1 08:48:33 2012
;; MSG SIZE rcvd: 79
Great, thanks. That's all set now. Ben, let me know when we want to set the redirects.
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard