Closed
Bug 990717
Opened 10 years ago
Closed 10 years ago
reissue ssl certificate for git.mozilla.org
Categories
(Infrastructure & Operations :: SSL Certificates, task)
Infrastructure & Operations
SSL Certificates
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: cturra, Assigned: fubar)
References
Details
(Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/203] [expires Jun 30 21:30:24 2014 GMT])
the ssl certificate for git.mozilla.org is set to expire in ~90 days. adding :bkero and :fuba to the /cc list so we can co-ordinate the certificate change. i expect we'll want to reach out to the development/release groups to make them aware of this change. this was last issued in bug 769610.
Assignee | ||
Comment 1•10 years ago
|
||
Adding Hal, too. I don't *think* git has the same fingerprint pinning mechanism that hg can use, so devs shouldn't have to worry about changing anything.
Comment 2•10 years ago
|
||
Git doesn't allow such fine grained control ;) We will want to give advance notice to the dev groups, sheriffs, and release in advance (1wk if possible to get announced in weekly eng meetings). At the time of cert roll, an announcement should be made in #releng so the sheriffs can spot any fallout quicker.
Comment 3•10 years ago
|
||
(In reply to Hal Wine [:hwine] (use needinfo) from comment #2) > Git doesn't allow such fine grained control ;) > > We will want to give advance notice to the dev groups, sheriffs, and release > in advance (1wk if possible to get announced in weekly eng meetings). At the > time of cert roll, an announcement should be made in #releng so the sheriffs > can spot any fallout quicker. There's no rush IIRC (we have 80+ days), this can be done at the next tree closing window to avoid any major breakages?
Comment 4•10 years ago
|
||
aiui, this shouldn't cause any issues, so it would be better to do during business hours, so any bizarre exception is noticed immediately. The notification is just "principle of least surprise". If this will take the git server offline for any length of time, or the cert change is an opportunity to test fail over processes, then we should schedule for the next TCW. That will be May 17.
Updated•10 years ago
|
Whiteboard: [expires Jun 30 21:30:24 2014 GMT] → [kanban:https://kanbanize.com/ctrl_board/4/203] [expires Jun 30 21:30:24 2014 GMT]
Assignee | ||
Comment 6•10 years ago
|
||
New cert generated and installed on zeus (scl3 and phx1) as git.mozilla.org-2017. Will coordinate switch to new cert w/ Hal for early next week.
Assignee: server-ops-webops → klibby
Assignee | ||
Comment 7•10 years ago
|
||
Deployed.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•