firefoxflicks.org using the wrong cert

VERIFIED FIXED

Status

Infrastructure & Operations
WebOps: Other
VERIFIED FIXED
5 years ago
5 years ago

People

(Reporter: mkelly, Assigned: cturra)

Tracking

Details

(Whiteboard: [triaged 20130204])

(Reporter)

Description

5 years ago
Visiting https://firefoxflicks.org/ shows the Untrusted Connection screen in Firefox because it's using a cert for www.mozilla.com,mozilla.com instead of firefoxflicks.org. 

Since this is the main url being used to advertise the site (apparently) it needs a proper cert to avoid the warning.
(Assignee)

Comment 1

5 years ago
:mkelly - the certificate being used is for firefoxflicks.mozilla.org, which is why you're seeing the certificate warning (the CN doesn't match the sites FQDN). last year we used firefoxflicks.com for the campaign, which still has a valid signed public certificate. would it be an option to use the .com instead of the .org? this would save us a couple hundred bucks in buying a new cert for this years campaign?
Assignee: server-ops-webops → cturra
Whiteboard: [triaged 20130204]
(Assignee)

Comment 2

5 years ago
making this public :)
Group: infra
(Assignee)

Updated

5 years ago
Duplicate of this bug: 837805
(Reporter)

Comment 4

5 years ago
I think we already have lots of promotional material out with the firefoxflicks.org domain on it, so we might have to buy it anyway.

CC'ing engagement folk to confirm that we need to use firefoxflicks.org and can't switch to firefoxflicks.com
(In reply to Michael Kelly [:mkelly] from comment #4)
> I think we already have lots of promotional material out with the
> firefoxflicks.org domain on it, so we might have to buy it anyway.
> 
> CC'ing engagement folk to confirm that we need to use firefoxflicks.org and
> can't switch to firefoxflicks.com

Do they have HTTPS:// urls on them? If not we can make it so HTTPS doesn't work, but http does a redirect

Comment 6

5 years ago
As far as I can tell:

http already works and has a redirect.

The above is specific to https. I am not 100% sure what URL they are promoting.

Requesting feedback from arcadio to make the official call.

Aracdio https://www.firefoxflicks.com causes a cert error because we do not have a cert for this. http works fine. AFAIK printed materials etc use http so this might not be a problem.

Looks like this morning someone used https://www.firefoxflicks.com for the weekly meeting wiki and this caused some folks to complain in #airmozilla.

If this was free I would just say go for it, better to avoid issues if we can. However because this costs a few hundred bucks, can you make the official call if we need a cert on https?
Flags: needinfo?(alainez)
(Assignee)

Comment 7

5 years ago
:bensternthal / Aracdio - just a quick clarification. in this morning www.firefoxflicks.org was used, but last year we used www.firefoxflicks.com for the campaign. the latter (.com) HAS a valid digital certificate where as the former (.org) does NOT.

Comment 8

5 years ago
Hey Ben, 

Not sure what was used last year. When I started working on this, the URL was/has been the .org. I've never actually seen a .com.

That being said, the PR team and the community teams are using the .org in their releases and collateral. Nothing has been printed as of yet but I think it's on the verge of being too late to stop that train from leaving the station. 

How much is a few hundred bucks? I would say, buying the certificate for the .org is a priority. 

Out of curiosity, why are we using .org this year, if last year was .com?

LMK

arcadio
Flags: needinfo?(alainez)
Last year it said firefoxflicks.org on promotional materials not .com.
(Assignee)

Comment 10

5 years ago
:chelsea - then we had this same issue last year. our load balancer has an ssl catalog configured for firefoxflicks.com. i will get the .org sorted out here for this.
(Assignee)

Comment 11

5 years ago
i have generated the certificate signing request and private key. this domain wasn't in our list of authorized domains with geotrust, so i have reached out to them to get approval on this. once that is sorted (usually within 1 business day) i will have this signed certificate added to our load balancer ssl catalog to address this certificate warning. 

i will keep this bug posted with further updates.
(Assignee)

Comment 12

5 years ago
all sorted! domain added to our geotrust account and the new cert has been signed/configured on the load balancers.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED

Updated

5 years ago
Status: RESOLVED → VERIFIED
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.