Closed Bug 819054 Opened 12 years ago Closed 12 years ago

Create reviewers-only certificate for signing apps on prod.

Categories

(Cloud Services :: Operations: Marketplace, task, P3)

task

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: robhudson, Assigned: jason)

References

Details

(Whiteboard: [temp cert verified][waiting on instructions for hsm generated cert])

Attachments

(3 files)

+++ This bug was initially created as a clone of Bug #819053 +++
+++ This bug was initially created as a clone of Bug #793876 +++

We need to create the real, reviewers-only certificate for signing apps on -prod. This is to sign pending packaged apps so reviewers (who have set up their devices with these) can install and test packaged & privileged apps.
Summary: Create public certificate for signing apps on prod. → Create reviewers-only certificate for signing apps on prod.
This is important.  We have daily meetings about progress on this topic so please give me an ETA and a responsible party I can bug.  Thanks. :)
Assignee: server-ops-amo → jthomas
CC'ing security to make sure that the cert creation steps in Bug #793876 gets r+ and any other recommendations or issues.
Blocks: 791743
No longer blocks: 791741
Why aren't we using the marketplace HSMs for these certs?
Here is the temp cert. @bsmith can you verify?

-----BEGIN CERTIFICATE-----
MIIEJzCCAw+gAwIBAgIEAjAAADANBgkqhkiG9w0BAQsFADCBnDEjMCEGA1UEAxMa
TWFya2V0cGxhY2VUZXN0MiBSb290IENBIDExHDAaBgNVBAsTE01hcmtldHBsYWNl
VGVzdDIgQ0ExJTAjBgNVBAoTHE1hcmtldHBsYWNlVGVzdDIgQ29ycG9yYXRpb24x
FjAUBgNVBAcTDU1vdW50YWluIFZpZXcxCzAJBgNVBAgTAkNBMQswCQYDVQQGEwJV
UzAeFw0xMjEyMTMyMTAwNDRaFw0yMjEyMTEyMTAwNDRaMIHTMTwwOgYDVQQDEzNN
YXJrZXRwbGFjZVRlc3QyIE1hcmtldHBsYWNlIFJldmlld2VyIEFwcCBTaWduaW5n
IDExOjA4BgNVBAsTMU1hcmtldHBsYWNlVGVzdDIgTWFya2V0cGxhY2UgUmV2aWV3
ZXIgQXBwIFNpZ25pbmcxJTAjBgNVBAoTHE1hcmtldHBsYWNlVGVzdDIgQ29ycG9y
YXRpb24xFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxCzAJBgNVBAgTAkNBMQswCQYD
VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+9Pw7OTd5y
K8p2gWPX/euwiLrqsNNRu+KaPJrpXpuOq8hTdaW4sTeCFQc0OeR6wNrEKWWnMKKD
gnl2scriXosl8gE9s5SpH78hQMW0OiJbKWz51jo7ozxKCoI1CUONafsvxXVrLl5c
+gxo2l3RroX5+JB8JCZDY+VBs06iqfkeU+87OIOSo0Q2XegnctSTvVCL1ZlYOV1t
Y9ns1VnV9UHgclOw1YE7VPFdrc8wRNu0kKPPI1FhUcbpkLK3lnauZ/K1nNN5KkoC
JYag8INKl4v1YxVgkz3Mq+l26T6i2G/XFp0AndFj1EqZLcYUk5YXTypcAwOP2H5A
nxw1GTPkv9MCAwEAAaM4MDYwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4Aw
FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEBAIjuNwUB
h8tIccik0Vc9e4Ntm6VhN+kPt2ENVwEzmjo6Rvtdd+nujBXEooQ2LR5mBbgbBpsy
+89FyN7EA/jV+ojBLj53mh/UouN1PHrhZFLwSrBX9+WZxLK6fFpXMx/MxJu5rBg8
2LvMwSBxfJTvUxslsKxgZh+2TlVTo8S47ZYjABO/5y3kv/9kknDlR83F3adXpJEn
cXa1/LMhbvpIeevdS9+NSPZ/hhgkRm4B2itNtysjuqc49XJMqKKQ2x204IsCifel
kZjOkWL9dXOk34dFef3H0oITnxke+Ldca/5aWPujePm7FXbrjy7OBgAetvTzLB5n
2u752MRWT0WBE6g=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIID8DCCAtigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnDEjMCEGA1UEAxMaTWFy
a2V0cGxhY2VUZXN0MiBSb290IENBIDExHDAaBgNVBAsTE01hcmtldHBsYWNlVGVz
dDIgQ0ExJTAjBgNVBAoTHE1hcmtldHBsYWNlVGVzdDIgQ29ycG9yYXRpb24xFjAU
BgNVBAcTDU1vdW50YWluIFZpZXcxCzAJBgNVBAgTAkNBMQswCQYDVQQGEwJVUzAe
Fw0xMjEyMTMyMTAwNDJaFw0yMjEyMTEyMTAwNDJaMIGcMSMwIQYDVQQDExpNYXJr
ZXRwbGFjZVRlc3QyIFJvb3QgQ0EgMTEcMBoGA1UECxMTTWFya2V0cGxhY2VUZXN0
MiBDQTElMCMGA1UEChMcTWFya2V0cGxhY2VUZXN0MiBDb3Jwb3JhdGlvbjEWMBQG
A1UEBxMNTW91bnRhaW4gVmlldzELMAkGA1UECBMCQ0ExCzAJBgNVBAYTAlVTMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1MjBq7G0/9vFTCtIDiIybm6
2rP7fj4wcYV8m53y9RQ/dJkkdMFcmhZ5RwCac2PYsUV5BbX6cILYo6TFIpZACgNG
K1i/ReGie1dMEzJFl757yAkyc5FjuxsX/tt7ytemQgoIelNQazgxWFYWgMOnte/N
kllExwM/PuZrV9y5BsyXLMg7jz1bEuFOGcGrRPP9KzTD2Li+sox1XZc5ja/0aZij
HeoY+sN3EtqluHfqioQS7cYeP4LpkJdsu1Hdka3TDRAaFqfRcrNO+vqcKmAe33kP
RegoZh/qRoZes71IPKx3ZeuEG8MFhN44mcaigrSWHkB0NldFi4N84yxciPcWiwID
AQABozswOTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICBDAWBgNVHSUB
Af8EDDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQUFAAOCAQEAjUDntmDW6JBnX+1W
mpJfMhCtHjkFJ32JPJiq8lEtnvDZGMlmSmA/HMRgVSktHvnDPDtu9O9bERImYE5w
T+5dHfyAffPPG0TH/URFjT6IG2mQP274Ltk1eBOr/EeQN7Mm7P4JKu/QSqifbIEE
+p0EIDBhsVsDYNzdeoLGkeADVAtKLfXq7nsaPOtbenP6vvVWEdycf9V00/upbm5d
nPTdHdUOnsDgFvlBR601w0NCqMa0N/PS5nkJVhv7iyiUKIcr4QxpAXsMK+5v7Hb4
HSnLndUq2y9lwlVB9UR8Mht/wMZ8OZxRujwIWyUrVF8WHDZw/WPLVNiUykYIa8Ll
RUppWg==
-----END CERTIFICATE-----
Blocks: 820445
Here's the script that I'm using to generate the certificate database that the reviewers phones need.
Attached file push_certdb.sh
This is the script that pushes the generated cert9.db file to the device
<krupa> bsmith: i was able to install a packaged app from reviewer tools after loading the cert
<bsmith> krupa: cool! Were you using the junk I attached, or using fabrice's tool?
<krupa> bsmith: the junk you attached

So, it looks like we're good to go.
Status: NEW → ASSIGNED
Whiteboard: [temp cert verified][waiting on instructions for hsm generated cert]
Priority: P1 → P3
No longer blocks: packaged-apps
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Created in bug 819053.
jason - see comments in 840368... i think they are regenerating the certs... (does this mean you'll need to redeploy certs once regenerated?)
Blocks: 840368
No longer blocks: 840368
I am going to wait until I have the final certs for app signing and reviewer app signing to complete bug 840369.
Component: Server Operations: AMO Operations → Operations: Marketplace
Product: mozilla.org → Mozilla Services
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: