945595 - Invalid SSL certificate on https://openwebdevice.org

Status: RESOLVED FIXED

(Infrastructure & Operations :: SSL Certificates, task)

Description

[Josh Mize [:jgmize]]

The certificate is only valid for *.paas.mozilla.org

Comment 1

[Chris Turra [:cturra]]

i wasn't aware ssl was a requirement. spinning this bug off to get that sorted for you.

Comment 2

[Chris Turra [:cturra]]

domain has been submitted for organization validation. once digicert (our certificate authority) completes that, i will get a certificate signed for {www.}openwebdevice.org and applied to the load balancer. i expect this should be ready to go in the morning.

Comment 3

[Chris Turra [:cturra]]

ssl certificate now issued and applied to the production paas using SNI (server name indication).


$ openssl s_client -servername www.openwebdevice.org -connect www.openwebdevice.org:443
CONNECTED(00000003)
depth=1 /C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=CA/L=Mountain View/O=Mozilla Corporation/CN=www.openwebdevice.org
   i:/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGnzCCBYegAwIBAgIQCe3jSZnhXzjoHDaTXsrOLjANBgkqhkiG9w0BAQUFADBI
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSIwIAYDVQQDExlE
aWdpQ2VydCBTZWN1cmUgU2VydmVyIENBMB4XDTEzMTIwMzAwMDAwMFoXDTE0MTIw
ODEyMDAwMFowcDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1N
b3VudGFpbiBWaWV3MRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMR4wHAYD
VQQDExV3d3cub3BlbndlYmRldmljZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfSp81IiPDuCdtxzovJAyiiFwFWB6p8wGpn5rEjsizfbvtLEwA
RdTbovb5Gfa85RPIo6NDEmFfwCiqRw/LqAq1RiC4Vjfy/vALPJTz8Lg3iqjNW5BG
QLyGgOh9ys65OcT+p9MOYOpuDsdxzVib60HqnxcLg54r9G7YziwbyVbV9+stjB+I
2Bvh9k7ZRtwMVmBKRHNNj0BAfCBfAwQ+uwNZOEFkX5eXR9BV5O4YIokq7Rq2qh2e
kGtyMU8m2TFgaKalkFSy0G43NcwafjLCaqsbLjq4fxlE86icl0E2CNVCLMrpjriB
cbTBfLIdFVKvcchrQegg79FqNJl9mCNkZdEFAgMBAAGjggNbMIIDVzAfBgNVHSME
GDAWgBSQcds363PI79zVHhK2NLorWqCmkjAdBgNVHQ4EFgQU1sjePdvqWXyZz7Vt
N6I+YAQEBiswMwYDVR0RBCwwKoIVd3d3Lm9wZW53ZWJkZXZpY2Uub3JnghFvcGVu
d2ViZGV2aWNlLm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMGEGA1UdHwRaMFgwKqAooCaGJGh0dHA6Ly9jcmwzLmRpZ2lj
ZXJ0LmNvbS9zc2NhLWc1LmNybDAqoCigJoYkaHR0cDovL2NybDQuZGlnaWNlcnQu
Y29tL3NzY2EtZzUuY3JsMIIBxAYDVR0gBIIBuzCCAbcwggGzBglghkgBhv1sAQEw
ggGkMDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9zc2wtY3Bz
LXJlcG9zaXRvcnkuaHRtMIIBZAYIKwYBBQUHAgIwggFWHoIBUgBBAG4AeQAgAHUA
cwBlACAAbwBmACAAdABoAGkAcwAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAGMA
bwBuAHMAdABpAHQAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUAIABvAGYA
IAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAAYQBuAGQA
IAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcAcgBlAGUA
bQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIAaQBsAGkA
dAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQAZQBkACAA
aABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMHgGCCsGAQUF
BwEBBGwwajAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIG
CCsGAQUFBzAChjZodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRT
ZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOC
AQEAV8PaBulG0Hrh1z7FZwFNsPVI6GvFDVS8ydg7icAbPExXs8Z71IwPQT52p55Z
CgrksDk7MJzYXUUmjsfjW5LspO931sD5VCdKCdIbpiI20DQzFf/JkJTrO4/jeGEL
jgLyVTrOd4EXkthn1dUOq6iL9v4a41zGAY2hlSCOmg/gWdpuIBw8dUGsPHpVF8oN
XB4vQ+zwy8F3XYI0/obtgSkZsNbE892PfKUT2S4R65zVgR8vA9lQcUzPM8edVMeb
pYIVZlbT9lM9KtdJMv770hDRvpEKDn8/wzArMclpuFcQf99r6c72hl8jLJMmcxjD
CTD6kofhyI4l9JgaWLLQF+Qrlw==
-----END CERTIFICATE-----
subject=/C=US/ST=CA/L=Mountain View/O=Mozilla Corporation/CN=www.openwebdevice.org
issuer=/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA
...

Comment 4

[:Atoll]

Bug 1143923 tracks the renewal of this certificate.