Closed Bug 868474 Opened 12 years ago Closed 12 years ago

Certificate request : firefoxos.persona.org

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

Hardware: x86_64
OS: Linux
Type: task
Priority: Not set
Severity: normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: gene, Assigned: cturra)

First, this request is pending approval from opsec (Bug 868467). I'm hoping to have approval this morning. We need a certificate for the domain firefoxos.persona.org. This cert need not be an EV cert. This cert could either be a standalone certificate (preferred) or a modification to our existing EV multisan certificate for login.persona.org. If the solution is the former, we'll use this standalone cert until 5/22, at which point we'd like to revoke it and modify our existing login.persona.org certificate to include in its multi-SAN setup the name firefoxos.persona.org. If the solution is the latter, we can replace one of the existing domain names in the cert which we are not using (either apps.persona.org, profile.persona.org or proxy.login.persona.org) with firefoxos.persona.org or add a new one. On 5/22 we'll want to issue a new copy of this multi-san cert (new private key) and then revoke the old one. I am unsure of what's possible in regards to re-issuing certs with the same name, and then subsequently revoking the old one. I'm also unsure about the costs involved in that process or either of the above alternative methods. I would first like to get #infra opinion on these options (or proposals of additional options). I'd also like to get a sense of the turnaround time on these options because I believe we need to get something today. Once we have opsec approval we can go and acquire the certs.
See Also: → 868467, 863417
Let's do this: while we wait for opsec approval to *use* the cert, would someone in IT speak to my questions above and start the cert acquisition process?
Opsec acks acquisition and use for this cert as per usage in comment 1 of bug 868467
After a conversation in IRC, we're definitely going to do a standalone SSL cert here. Mozilla CA is not sufficient either, needs to be a real one.
i can whip up a standalone cert through geotrust for you.
:gene - attached is the signed public cert and intermediate. you can find the key on ssl1.private.phx1
Assignee: server-ops-webops → cturra
Status: NEW → RESOLVED
Closed: 12 years ago
OS: Linux → All
Hardware: x86_64 → All
Resolution: --- → FIXED
Fantastic. And thanks * 2 for including the intermediate.
Status: RESOLVED → VERIFIED
OS: All → Linux
Hardware: All → x86_64
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard