Closed Bug 855828 Opened 13 years ago Closed 13 years ago

Need Mozilla signed SSL cert for Crashplan Prod and Test

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

Product:
Infrastructure & Operations Graveyard
Component:
WebOps: Other
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jen, Assigned: cturra)

Details

(Whiteboard: [triaged 20130401])

Per Bug 854748, trying to get a Mozilla signed cert to replace the self-signed cert for the Crashplan server. I'll need one for the test server to verify nothing breaks - as I've never done this before. Then a second one for the production server.
-----BEGIN NEW CERTIFICATE REQUEST----- MIICwjCCAaoCAQAwfTEWMBQGA1UEAwwNQ3Jhc2hwbGFuVGVzdDEcMBoGA1UECgwTTW96aWxs YSBDb3Jwb3JhdGlvbjELMAkGA1UECwwCSVQxFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzAR BgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYMAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAkOHyn9pQIb4A/ZFg4si5tGXp52zpIc7ABkjB8ISt/6wsBKm8lZrC83LaORyQ Z57+LxBZ82PuzHSebEeC7RmyP1Opxw/41ZhIol2rM0HcAf4MpMnfzbm8m6IZZeKPYfF6+U2t 0L62rPu5h/bG9ibZkGLlnn2zGxMeQdGuJvwOGtaFDSszaZU4tu9b7McmHP5P8SsHmdMSXZi5 1Fs1PqJoYqFDq6BOuF9+Sy/VLR8a0v1sDdZ9TQhtsvmiKUamJR4hUqejWYAQtTQiyv2EUSZB 6ASZIjohRXRlHic9X9c4oR83UireFb0P0LCw1CJ4HvL2BNg+8XRk5z5R+sJXSnahQQIDAQAB oAAwDQYJKoZIhvcNAQEEBQADggEBAI10s9t0dIYYcDlg45+k/VUcLGr54bschTdkP6KughDw FOGB42zs5mruXSV2OiVPSbOUW4O5Kzj6vwxyUkl4QgwsiTVQt/aQ58EyOSagGq3zkEfd4O3T 3x39ZT2xrEPlqPUGHoR1weehxJ7JUzZglcmsLqJFfYMtPHUNqa4tCTEiCalBJhSYOfQT8pf8 Q0T18XcuJ8j2oN+GPRTS/dZsNh9tuspzMFVOj9xf8TOLK+rtTYKQE/Po3GM9uVRidRRtueNm fVAil+9vFh3dXV2eyY2iKgwNfpJpP5+aZh5LvR6HYcs+c/zczk8OG8kYoLWgGCH9W0qn2TpS lKodi8BYYAc= -----END NEW CERTIFICATE REQUEST-----
i just had a look at the details of this csr and see that it has a subject of: CN=CrashplanTest, O=Mozilla Corporation, OU=IT, L=Mountain View, ST=California, C=US i suspect this common name (cn) is incorrect and will result in a certificate warning for users. you normally want the cn to match the services fqdn (request uri). i would be happy to generate a new csr for you if you could provide me with a list of all the valid fqdn's? from bug 854748 it looks like the cn should be: crashplan.mtv1.mozilla.com. are there other server aliases that might used in addition to the one i note above?
Assignee: server-ops-webops → cturra
Whiteboard: [triaged 20130401]
HI Chris - Can I use the same cert on my production and test server? If so, can I have crashplan.mtv1.mozilla.com, with an alias of mv-cp01.mv.mozilla.com. This doesn't need to be a paid cert - one from the Mozilla cert server is fine. Jen
(In reply to Jennifer Hayashi [:nej] from comment #3) > Can I use the same cert on my production and test server? there is no reason why you can't use the same certificate across both. however, i would suggest it's not the best security practices to have the private key for a certificate on another non production server. > If so, can I have crashplan.mtv1.mozilla.com, with an alias of > mv-cp01.mv.mozilla.com. This doesn't need to be a paid cert - one from > the Mozilla cert server is fine. i can quickly generate one at no cost using our Mozilla CA, but want to remind you that if users will be hitting any end point at crashplan.mtv1.mozilla.com with their browser, this will return a certificate warning since the Mozilla CA is not a known and trusted Root Certificate Authority.
HI Chris - That's fine for what we're doing. Thanks! Jen
below is the signed public certificate. i will be emailing you the private key encrypted with your gpg key (8A3322CB). -----BEGIN CERTIFICATE----- MIIFbzCCA1egAwIBAgICASIwDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlVT MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRww GgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMTYwNAYDVQQLEy1Nb3ppbGxhIENv cnBvcmF0aW9uIFJvb3QgQ2VydGlmaWNhdGUgU2VydmljZXMxGDAWBgNVBAMTD01v emlsbGEgUm9vdCBDQTElMCMGCSqGSIb3DQEJARYWaG9zdG1hc3RlckBtb3ppbGxh LmNvbTAeFw0xMzA0MTcyMTMzNThaFw0xODA0MTYyMTMzNThaMIG5MQswCQYDVQQG EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmll dzEcMBoGA1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjETMBEGA1UECxMKT3BlcmF0 aW9uczEjMCEGA1UEAxMaY3Jhc2hwbGFuLm10djEubW96aWxsYS5jb20xJTAjBgkq hkiG9w0BCQEWFmhvc3RtYXN0ZXJAbW96aWxsYS5jb20wggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQDMT7glyldGPnBvDcWo0BP90ZOO/KeHJU2+bCDnor+2 IFVJIkH7wMKv/cy5ezYwZgtulAPMDpVKBzxZRvXOi901Q4/oTY9b61oOcyyGanbR 9Syi/BDJvgDqcbm002BKLUuhXjHSwi+VGt9g/Hlu3aJwpSAGISh5m2s8wo3dRiRn N4WZbiq3+0KIJJExIqxduuqwIkt5f9vfXMULVXN+hyb6re7tb2OZ1HhFK5uDs3W/ 7VDGkD+ba/gua7rfkK8lXq8DbvAyHbke1y64+pSBZWoVtqfAPk28LGWqQhlSZ/km PScl9xKUCOIb5ZFxW1P1OwfeQceX09rrbZHSrgs8CnnNAgMBAAGjZzBlMB8GA1Ud IwQYMBaAFLnVc+yPGeKzGTrkbqGGUDWLZsLpMDQGA1UdJQQtMCsGCCsGAQUFBwMB BggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMAwGA1UdEwEB/wQCMAAw DQYJKoZIhvcNAQEFBQADggIBADw/66QRIrgvebWBE9k8VMZ2yKOiyR2uoN4/pAxD lmPLIm+lX605Y5uiz8HSG7Bt1ltxL1qlKKI5jKIm4JfJkzFgihuPn5AAxhhMMqUF /HnchJsWrMSgzxdZH+9u/gmJm6G0Hv7f1j7RH8N7cWkRgJcGrEvk+SI5iAjo1Nh6 zaxE9HXMRj1feS/rJyxzTdRxiAgDu41GTW9eryKCXHmLj0ZRT7V/TyvYaLCQhCa9 +4jJeYdb9m8s9v2Or/HCk/rlUUiioCS27Z/hFStuSLOsRGp0YNqhP9l1wPuVfzCi toPHPEJrI3shmDhLmjTgvlSdpguotmiF9hMjPBlMqU+cfgWOxUxzsrVTcd7FJve3 PwGfw+jHJ1WQ9ObSIR/3iwYQmlUsHJ/KG0oP1Xyj+eqfKDJJ7sXGwiKjpjIJf3SX LAc+3R+tMu/QVH58DVrnqjGIdB818gkuX3qSdiNp31Z73WBtklj3qHWAvV74xM1Z ECZlkbJOcZd1+2uAbd2S1uavDB1Xj+NbrIVl2tDMLsb3kHb5L52uQY48sWxL+goY cDzQX33+ugzhXG6bzT/cItvjnpCT4UWwK5rzVM/2UtxIhjrTN786AKIgSF20jlTU t5IrbcqnzIdRdzSl9jcHJygCXNdRP7ed5OPnPTovV29lijmG9PcsC3xbfcaH1vWh 4UZd -----END CERTIFICATE-----
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.