Closed
Bug 398923
Opened 17 years ago
Closed 15 years ago
https://mozilla.com and https://mozilla.org display SSL certificate mismatch errors
Categories
(mozilla.org Graveyard :: Server Operations: Projects, task, P5)
mozilla.org Graveyard
Server Operations: Projects
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: reed, Unassigned)
References
()
Details
https://mozilla.com and https://mozilla.org are giving certificate mismatch errors because the SSL certificates are actually for *.mozilla.com and *.mozilla.com, which doesn't match mozilla.com and mozilla.org. See bug 398915 for more details. Since the patch in bug 327181 landed (for Firefox 3), SSL certificate mismatch errors are not going to be very easy to bypass anymore, so it's not just some error you can easily "get around". The easily fix would probably be to just get two simple SSL certificates for mozilla.com and mozilla.org.
or in other words, https://site.tld/ should match SSL certificate issued for "*.site.tld"
Comment 2•17 years ago
|
||
(In reply to comment #0) > The easily fix would probably be to just get > two simple SSL certificates for mozilla.com and mozilla.org. That would seem to suggest that everyone's going to have at least two certs for their sites, one for www.domain.com and one for domain.com (and eat two IP addresses at the same time). That can't possibly be the right fix, can it?
Comment 3•17 years ago
|
||
Nobody should be using mozilla.org or mozilla.com. That's why everywhere we link to it uses the www. in front. In fact, there's very few places we link the https version at all. It's there as a courtesy to people who want to make sure they've got the right site (and also to allow css and images on that site to be used from other https sites without a broken lock icon).
Comment 4•17 years ago
|
||
wontfix'ing per comment #3
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WONTFIX
Comment 5•17 years ago
|
||
Why don't we redirect from https://mozilla.org/ to https://www.mozilla.org and from https://mozilla.com/ to https://www.mozilla.com/? Would that fix the cert mismatch errors?
Comment 6•17 years ago
|
||
No because SSL negotiation happens first, before the redirect - you'd get a cert warning (or failure to connect) and then a redirect.
Reporter | ||
Comment 7•16 years ago
|
||
The new cert for *.mozilla.com will fix https://mozilla.com. https://mozilla.org will still be broken until a new certificate has been generated in a year or two.
Status: RESOLVED → REOPENED
Component: Server Operations → Server Operations: Projects
Resolution: WONTFIX → ---
Reporter | ||
Updated•16 years ago
|
Assignee: server-ops → nobody
Status: REOPENED → NEW
Reporter | ||
Updated•16 years ago
|
Priority: -- → P5
Comment 9•15 years ago
|
||
(In reply to comment #7) > The new cert for *.mozilla.com will fix https://mozilla.com. > https://mozilla.org will still be broken until a new certificate has been > generated in a year or two. Doesn't look like we got the new cert with SAN support so that's not the case. That one has a year or so before it expires. mozilla.org expires in December and we'll get it like that. Guess we'll sit on this bug until then.
Status: NEW → RESOLVED
Closed: 17 years ago → 15 years ago
Resolution: --- → FIXED
Reporter | ||
Updated•15 years ago
|
Resolution: FIXED → WONTFIX
Comment 12•15 years ago
|
||
Because it wasn't an easy product offering I was able to get through GeoTrust at that time and I still agree with comment #3.
Comment 14•15 years ago
|
||
The SSL cert for *.mozilla.org issued in december 2009 doesn't have a SAN extension so doesn't fix this problem (no SAN extension also means it's broken WRT the 5280 RFC). What could be the procedure to make sure you don't forget to ask for a SAN the next time ?
Comment 15•15 years ago
|
||
(In reply to comment #14) > (no SAN extension also means it's broken WRT the 5280 RFC). That is bug 553749. This bug was considered a WONTFIX on its own merits (comment #3) but is likely to be fixed along with bug 553749.
Assignee | ||
Updated•10 years ago
|
Product: mozilla.org → mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•