Certificate on l10n-stage-sj.mozilla.org expired on 2013-12-01

RESOLVED FIXED

Status

Infrastructure & Operations
WebOps: SSL and Domain Names
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: Ian Neal, Assigned: cturra)

Tracking

Details

(Reporter)

Description

4 years ago
If you visit https://l10n-stage-sj.mozilla.org you get a warning about the certificate. It shows as having expired on 1st December 2013.

Updated

4 years ago
Assignee: server-ops → server-ops-webops
Component: Server Operations → WebOps: SSL and Domain Names
Product: mozilla.org → Infrastructure & Operations
QA Contact: shyam → nmaul
Laura/Axel - I guess we got a 1 year cert because we weren't going to be using this site for more than a year. Has that changed?
Flags: needinfo?(laura)
Flags: needinfo?(l10n)

Comment 2

4 years ago
We're not using l10n-stage-sj anymore, but we do use l10n-dev-sj, which used to just complain about the mismatched name.

The progress towards the real elmo-dev.allizom.org setup is still slow, sadly, so it'd be nice to get another short-termed cert for l10n-dev-sj.
Flags: needinfo?(l10n)
(Assignee)

Comment 3

4 years ago
:Pike - i'd rather not use a CA signed ssl certificate for a short term development environment. would you be okay with us issuing an ssl certificate for l10n-dev-sj.mozilla.org through the mozilla ca?

additionally, it looks like this dev environment lives on the same node as production - at least they're currently configured to use the same virtual ip group - generally, i'd say that's not a good idea.

  $ dig +short l10n.mozilla.org
  63.245.215.19

  $ dig +short l10n-dev-sj.mozilla.org
  63.245.215.19

  $ host 63.245.215.19
  19.215.245.63.in-addr.arpa domain name pointer l10n-dashboard-zlb.vips.scl3.mozilla.com.
Flags: needinfo?(l10n)

Comment 4

4 years ago
I think the mozilla ca is OK for l10n-dev-sj, thanks.

And yes, currently there's one VM serving up both instances, this is because they need access to shared data which we can't host on NFS. That's bug 857107.
Flags: needinfo?(laura)
Flags: needinfo?(l10n)
(Assignee)

Comment 5

4 years ago
understood. as discussed, i have moved this reissue to the mozilla ca.

$ openssl x509 -subject -issuer -in l10n-dev-sj.mozilla.org.crt -noout
subject= /C=US/ST=California/L=Mountain View/O=Mozilla Corporation/OU=Operations/CN=l10n-dev-sj.mozilla.org/emailAddress=hostmaster@mozilla.com
issuer= /C=US/ST=California/L=Mountain View/O=Mozilla Corporation/OU=Mozilla Corporation Root Certificate Services/CN=Mozilla Root CA/emailAddress=hostmaster@mozilla.com


-----BEGIN CERTIFICATE-----
MIIFbDCCA1SgAwIBAgICAU8wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRww
GgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMTYwNAYDVQQLEy1Nb3ppbGxhIENv
cnBvcmF0aW9uIFJvb3QgQ2VydGlmaWNhdGUgU2VydmljZXMxGDAWBgNVBAMTD01v
emlsbGEgUm9vdCBDQTElMCMGCSqGSIb3DQEJARYWaG9zdG1hc3RlckBtb3ppbGxh
LmNvbTAeFw0xNDAxMDkxNzA4MDJaFw0xOTAxMDgxNzA4MDJaMIG2MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmll
dzEcMBoGA1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjETMBEGA1UECxMKT3BlcmF0
aW9uczEgMB4GA1UEAxMXbDEwbi1kZXYtc2oubW96aWxsYS5vcmcxJTAjBgkqhkiG
9w0BCQEWFmhvc3RtYXN0ZXJAbW96aWxsYS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzaMFGJWWshRKoZg9ooH0HDYh9ZkRXImtq++3sEk6tqWQK
SQYnol+dS0PfWIc+8eo9jVarXxdgCmS3aV1uHKD2pw84CizGwBIfs34Z/C5OZusl
88fvHptNronD8T231Ce8HVZCWYhkKLsIM3eJRZEFLl/tYVGXsipaaE4gcioedHNl
m6Oauv2CHxv49E8lnZrMcm4fLjiuoehmwYdoyN658EHz7B1Tm0vwGuaOjA41Aqli
5Hdio7e73tFvBSzDjYUmwsfONHPNjf4QvuWOnkV37G+u4u0MxHBd1LuEBRK5bNvJ
jluM/iKxE/hRW/iuxQFeSQPiG4ZjNBp4FHgJSX6BAgMBAAGjZzBlMB8GA1UdIwQY
MBaAFLnVc+yPGeKzGTrkbqGGUDWLZsLpMDQGA1UdJQQtMCsGCCsGAQUFBwMBBggr
BgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMAwGA1UdEwEB/wQCMAAwDQYJ
KoZIhvcNAQEFBQADggIBAJyVOtJZ77DDibKT2sMAtZneeGg69PegtNlxuKyZDh5O
8njY36/xlOsMv29QiNLUccMHjZvRpVQMvmlGFOqfRuGicLhdjX9gMdoKeBFvtUKe
O8NUnUW3wkgORyDYS2QU+UtSeoG7UVOhY92rczdP5e8mo4cJdd3mYaYSbWvg7uFL
kG6yEY2rqHnfuubmDuosF7WgBYW8PsXr1WEDARQzknTzOcgFnciY9BMvAuJiHyRW
OAGpBXjpJy5y/SuhOqrxj1Gsoj+cC2ZZxm2PO3bPTw+N2tT4zedbcc005uzb7oGg
U+nh0DYTTfqyt+ivVFJlF7XZvfMI2vyxMfiq5kvdOWitCvAuY9Ws1MXnAZ3oYxXO
/iiZn7dNGJLfgTY0/ulg47WOWA0HtiIIaxg2RN/NJZ9p1dgNucVeADXMdYGqgYhN
TDloBfc7QH7YjyYLiiTGgxMn0fVnaNeqB/WJONZ3Z4rwHyUoGAFu5/0Gskkd4C0q
5ZxAVkEz7vqZVntv6aUTjwkEUqe2C6FRb+yCbA7JKprEqx37COkrqoMYPfeN3NLV
t6yIb6sdbt8XLBgZCmV2kYO9jH9RCNAVcGDSbL7vJKt8fZhidIEA/OfaEbiRMAiU
qdb3v9X4Bygh0ko9PVQyfDoWCSSY2SWUI4QrTmxeG/iEMZhsAQClZXEP6WLAt3HU
-----END CERTIFICATE-----
Assignee: server-ops-webops → cturra
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.