Closed Bug 842696 Opened 12 years ago Closed 12 years ago

Certificate request : {yahoo,google,microsoft,maybe others}.login.persona.org

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

Product:
Infrastructure & Operations Graveyard
Component:
WebOps: Other
Platform:
x86_64
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: gene, Assigned: bburton)

References

Details

Hi, we established an EV cert for persona.org in Bug 757705 Since that time we've introduced a new product which is independent of persona (doesn't have dependencies on persona). We'd like to get a cert for this product. Currently, we will deploy it as https://yahoo.login.persona.org/ In the future we will extend this to https://google.login.persona.org/ https://microsoft.login.persona.org/ and maybe a few more. This certificate need not be an EV cert. What do you recommend for this? If it's possible I'd like for the cert to be separate from the existing certificate we have (Bug 757705) since this new product doesn't depend on persona and it would be nice to keep the two systems discrete, though one obvious solution here would be to extend the existing Multi-SAN cert to include this additional name and just use the cert on both products. Is it possible to get a cert and then add SANs to it down the road? What's the most cost effective?
See Also: → 757705
Blocks: 772686
Assignee: server-ops-webops → bburton
Priority: -- → P3
Per IRC discussion, we'll order a SAN with the first three names, re-issues up to the first 5 SAN names are free and it's a small cost to add SANs beyond that.
Austin, I'm vaguely remembering that there was some agreement or conversation with microsoft about what domain name to use (microsoft.login.persona.org). Maybe we'd initially talked about using "hotmail" and then changed to "microsoft". Have we talked with microsoft about bigtent at all? I ask because geotrust (certificate provider) is saying we can't have the word microsoft in our domain name and I wanted to see if we had some kind of document or something showing that microsoft is on board.
Flags: needinfo?(ozten.bugs)
Proceeding with yahoo/google in the mean time -----BEGIN CERTIFICATE REQUEST----- MIIDPjCCAiYCAQAwgaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRwwGgYDVQQKExNNb3ppbGxhIENvcnBv cmF0aW9uMSAwHgYDVQQDExd5YWhvby5sb2dpbi5wZXJzb25hLm9yZzElMCMGCSqG SIb3DQEJARYWaG9zdG1hc3RlckBtb3ppbGxhLmNvbTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAOOnfVxLH/aIIffxzM/o20kvgG1w3HzpJyXMgwwML575 7laDAri2m1nZeijavsWCVLEKa4RcYJ6fu8mGAZNWFgAVPftyeLU0AlTEEjK+4aWp 3pl2dgdy16N3aSSRe17ODZgCGh8REUpb46iClH3wYOZk6gtKPam4mXBuYXIN4Nz+ tnYytjPAH/zEDSbN95Ip4UGOI1ePZ3sdRzARmjuCjDtQ4oyFZAwmSEhm05NGf51R AKNKuwHKVC+zGYZtnchBAKaVNz+X4g4+J/I6wIHf8/VASCNwXC+x1VIoGWxNgXX8 PsqQ40v7HuD8Klllpb4gqbGxDUS+hG5Tnc8o/6dPNpMCAwEAAaBXMFUGCSqGSIb3 DQEJDjFIMEYwEQYJYIZIAYb4QgEBBAQDAgZAMAwGA1UdEwEB/wQCMAAwIwYDVR0R BBwwGoIYZ29vZ2xlLmxvZ2luLnBlcnNvbmEub3JnMA0GCSqGSIb3DQEBBQUAA4IB AQDbyi6rWf0h5qdnJZf25UipeNavVoyIscXlVtd24Efhc517aHqWWAPGxuU7WyOF dFyu/tmIAFBWikheC//Z+q/KGVJWE54dCRu9IGPCNNpaUZP3UWSs6Wd3R2grut9D QBOWl9cXqyGtPo3CsQACZdrIaa/I/xPHbcwG+9DaiIIMVJ77RIit7irY5Jp+W/SE zpCRblKwl+iFrDZp7bvGOCD9EG12aZvzWQyoUdx7D0taL/7G5ju45JJFpdqTax6v ZHe5r0Qgl3rKYMmNpsMtc77nYrJI35JioGBTIRAz9EDfYtiDXwBmT04Ncl+ZVm1I vECEyfLml1kF41u/RVNDWeTW -----END CERTIFICATE REQUEST-----
Status: NEW → ASSIGNED
Permission to use * "https://microsoft.login.persona.org" * "https://microsoft.login.anosrep.org" was documented in Bug#766187 Comment#c6 More documentation in Bug#765002.
Flags: needinfo?(ozten.bugs)
True BusinessID Enrollment Thank you for your True BusinessID certificate request Your order number is: 9565621 These usually take 48 hours to process
I've reached out to our Sales Rep about getting microsoft. added
Web Server CERTIFICATE ----------------- -----BEGIN CERTIFICATE----- MIIFIjCCBAqgAwIBAgIDAgfSMA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEYMBYGA1UEAxMPR2VvVHJ1c3QgU1NM IENBMB4XDTEzMDIxOTA4NDMyMVoXDTE1MDIyMjA0MTcwOVowgaUxKTAnBgNVBAUT IHROOUlMN3Q0c2FyQ2FUUVlqRkVUcW5mREsvTElTLTJKMQswCQYDVQQGEwJVUzET MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEcMBoG A1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEgMB4GA1UEAxMXeWFob28ubG9naW4u cGVyc29uYS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjp31c Sx/2iCH38czP6NtJL4BtcNx86SclzIMMDC+e+e5WgwK4tptZ2Xoo2r7FglSxCmuE XGCen7vJhgGTVhYAFT37cni1NAJUxBIyvuGlqd6ZdnYHctejd2kkkXtezg2YAhof ERFKW+OogpR98GDmZOoLSj2puJlwbmFyDeDc/rZ2MrYzwB/8xA0mzfeSKeFBjiNX j2d7HUcwEZo7gow7UOKMhWQMJkhIZtOTRn+dUQCjSrsBylQvsxmGbZ3IQQCmlTc/ l+IOPifyOsCB3/P1QEgjcFwvsdVSKBlsTYF1/D7KkONL+x7g/CpZZaW+IKmxsQ1E voRuU53PKP+nTzaTAgMBAAGjggG9MIIBuTAfBgNVHSMEGDAWgBRCeVQbYc1VKz5j 1TxIV/Wf+0XOSjAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG CCsGAQUFBwMCMDwGA1UdEQQ1MDOCGGdvb2dsZS5sb2dpbi5wZXJzb25hLm9yZ4IX eWFob28ubG9naW4ucGVyc29uYS5vcmcwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDov L2d0c3NsLWNybC5nZW90cnVzdC5jb20vY3Jscy9ndHNzbC5jcmwwHQYDVR0OBBYE FAZB9E3dO3owPMGWRsM4hlcLFwbmMAwGA1UdEwEB/wQCMAAwbwYIKwYBBQUHAQEE YzBhMCoGCCsGAQUFBzABhh5odHRwOi8vZ3Rzc2wtb2NzcC5nZW90cnVzdC5jb20w MwYIKwYBBQUHMAKGJ2h0dHA6Ly9ndHNzbC1haWEuZ2VvdHJ1c3QuY29tL2d0c3Ns LmNydDBMBgNVHSAERTBDMEEGCmCGSAGG+EUBBzYwMzAxBggrBgEFBQcCARYlaHR0 cDovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL2NwczANBgkqhkiG9w0BAQUF AAOCAQEAfucy9bQQf6oXVQX51A6u+in9g+66M4PTxisDbu3sKzn1dySlm/ck2hCy Fk6s5khWbLy9bZKHrr39z32H1BBRsaB4qUT+yH2wg/Qu6RCc8skRXsUUw18xuTxL kFkqhf7o41ikSLCU7xgZXlZSZIPVZmxDXOz6Z8O/wdiFseUm+z4rAFxdfAjwK/Wb K6MYMw1CxV4HnN1qR37KDT8dO5pGbTQCaq66Lem5uA2kKHHBoStPQJO3nmqVH4cK GuOyAIW+efrcOfqdrl66Waf23asCgck2LIvLVu9lJk5Y8kg0tEV09WGJBn1sBsx7 iuyiMUuYRVZGnNFHuaJiROY3oTwriw== -----END CERTIFICATE----- INTERMEDIATE CA: --------------------------------------- -----BEGIN CERTIFICATE----- MIID2TCCAsGgAwIBAgIDAjbQMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i YWwgQ0EwHhcNMTAwMjE5MjIzOTI2WhcNMjAwMjE4MjIzOTI2WjBAMQswCQYDVQQG EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xGDAWBgNVBAMTD0dlb1RydXN0 IFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJCzgMHk5Uat cGA9uuUU3Z6KXot1WubKbUGlI+g5hSZ6p1V3mkihkn46HhrxJ6ujTDnMyz1Hr4Gu FmpcN+9FQf37mpc8oEOdxt8XIdGKolbCA0mEEoE+yQpUYGa5jFTk+eb5lPHgX3UR 8im55IaisYmtph6DKWOy8FQchQt65+EuDa+kvc3nsVrXjAVaDktzKIt1XTTYdwvh dGLicTBi2LyKBeUxY0pUiWozeKdOVSQdl+8a5BLGDzAYtDRN4dgjOyFbLTAZJQ50 96QhS6CkIMlszZhWwPKoXz4mdaAN+DaIiixafWcwqQ/RmXAueOFRJq9VeiS+jDkN d53eAsMMvR8CAwEAAaOB2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFEJ5 VBthzVUrPmPVPEhX9Z/7Rc5KMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4 ysxOMBIGA1UdEwEB/wQIMAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDov L2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZI hvcNAQEFBQADggEBANTvU4ToGr2hiwTAqfVfoRB4RV2yV2pOJMtlTjGXkZrUJPji J2ZwMZzBYlQG55cdOprApClICq8kx6jEmlTBfEx4TCtoLF0XplR4TEbigMMfOHES 0tdT41SFULgCy+5jOvhWiU1Vuy7AyBh3hjELC3DwfjWDpCoTZFZnNF0WX3OsewYk 2k9QbSqr0E1TQcKOu3EDSSmGGM8hQkx0YlEVxW+o78Qn5Rsz3VqI138S0adhJR/V 4NwdzxoQ2KDLX4z6DOW/cf/lXUQdpj6HR/oaToODEj+IZpWYeZqF6wJHzSXj8gYE TpnKXKBuervdo5AaRTPvvz7SBMS24CqFZUE+ENQ= -----END CERTIFICATE-----
The cert with yahoo|google.login.persona.org has been saved as bigtent-san.login.persona.org.crt on ssl1.private.phx1 I'll leave this open pending a response about microsoft.
Brandon, worth noting, there is no hurry on the microsoft SAN since that comes later this year.
Status: ASSIGNED → NEW
Priority: P3 → --
Let's just open a new bug when MS is needed
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
See Also: → 884671
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.