Closed Bug 819054 Opened 12 years ago Closed 12 years ago

Create reviewers-only certificate for signing apps on prod.

Categories

(Cloud Services :: Operations: Marketplace, task, P3)

Product:
Cloud Services
Component:
Operations: Marketplace
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: robhudson, Assigned: jason)

References

Details

(Whiteboard: [temp cert verified][waiting on instructions for hsm generated cert])

Attachments

(3 files)

create_reviewer_certdb.sh
(deleted), text/plain
Details
push_certdb.sh
(deleted), text/plain
Details
This is the cert9.db file generated using the first script to be pushed to the device using the second script
(deleted), application/octet-stream
Details
+++ This bug was initially created as a clone of Bug #819053 +++ +++ This bug was initially created as a clone of Bug #793876 +++ We need to create the real, reviewers-only certificate for signing apps on -prod. This is to sign pending packaged apps so reviewers (who have set up their devices with these) can install and test packaged & privileged apps.
Summary: Create public certificate for signing apps on prod. → Create reviewers-only certificate for signing apps on prod.
This is important. We have daily meetings about progress on this topic so please give me an ETA and a responsible party I can bug. Thanks. :)
Assignee: server-ops-amo → jthomas
CC'ing security to make sure that the cert creation steps in Bug #793876 gets r+ and any other recommendations or issues.
Blocks: 791743
No longer blocks: 791741
Why aren't we using the marketplace HSMs for these certs?
Here is the temp cert. @bsmith can you verify? -----BEGIN CERTIFICATE----- MIIEJzCCAw+gAwIBAgIEAjAAADANBgkqhkiG9w0BAQsFADCBnDEjMCEGA1UEAxMa TWFya2V0cGxhY2VUZXN0MiBSb290IENBIDExHDAaBgNVBAsTE01hcmtldHBsYWNl VGVzdDIgQ0ExJTAjBgNVBAoTHE1hcmtldHBsYWNlVGVzdDIgQ29ycG9yYXRpb24x FjAUBgNVBAcTDU1vdW50YWluIFZpZXcxCzAJBgNVBAgTAkNBMQswCQYDVQQGEwJV UzAeFw0xMjEyMTMyMTAwNDRaFw0yMjEyMTEyMTAwNDRaMIHTMTwwOgYDVQQDEzNN YXJrZXRwbGFjZVRlc3QyIE1hcmtldHBsYWNlIFJldmlld2VyIEFwcCBTaWduaW5n IDExOjA4BgNVBAsTMU1hcmtldHBsYWNlVGVzdDIgTWFya2V0cGxhY2UgUmV2aWV3 ZXIgQXBwIFNpZ25pbmcxJTAjBgNVBAoTHE1hcmtldHBsYWNlVGVzdDIgQ29ycG9y YXRpb24xFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxCzAJBgNVBAgTAkNBMQswCQYD VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+9Pw7OTd5y K8p2gWPX/euwiLrqsNNRu+KaPJrpXpuOq8hTdaW4sTeCFQc0OeR6wNrEKWWnMKKD gnl2scriXosl8gE9s5SpH78hQMW0OiJbKWz51jo7ozxKCoI1CUONafsvxXVrLl5c +gxo2l3RroX5+JB8JCZDY+VBs06iqfkeU+87OIOSo0Q2XegnctSTvVCL1ZlYOV1t Y9ns1VnV9UHgclOw1YE7VPFdrc8wRNu0kKPPI1FhUcbpkLK3lnauZ/K1nNN5KkoC JYag8INKl4v1YxVgkz3Mq+l26T6i2G/XFp0AndFj1EqZLcYUk5YXTypcAwOP2H5A nxw1GTPkv9MCAwEAAaM4MDYwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4Aw FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEBAIjuNwUB h8tIccik0Vc9e4Ntm6VhN+kPt2ENVwEzmjo6Rvtdd+nujBXEooQ2LR5mBbgbBpsy +89FyN7EA/jV+ojBLj53mh/UouN1PHrhZFLwSrBX9+WZxLK6fFpXMx/MxJu5rBg8 2LvMwSBxfJTvUxslsKxgZh+2TlVTo8S47ZYjABO/5y3kv/9kknDlR83F3adXpJEn cXa1/LMhbvpIeevdS9+NSPZ/hhgkRm4B2itNtysjuqc49XJMqKKQ2x204IsCifel kZjOkWL9dXOk34dFef3H0oITnxke+Ldca/5aWPujePm7FXbrjy7OBgAetvTzLB5n 2u752MRWT0WBE6g= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIID8DCCAtigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnDEjMCEGA1UEAxMaTWFy a2V0cGxhY2VUZXN0MiBSb290IENBIDExHDAaBgNVBAsTE01hcmtldHBsYWNlVGVz dDIgQ0ExJTAjBgNVBAoTHE1hcmtldHBsYWNlVGVzdDIgQ29ycG9yYXRpb24xFjAU BgNVBAcTDU1vdW50YWluIFZpZXcxCzAJBgNVBAgTAkNBMQswCQYDVQQGEwJVUzAe Fw0xMjEyMTMyMTAwNDJaFw0yMjEyMTEyMTAwNDJaMIGcMSMwIQYDVQQDExpNYXJr ZXRwbGFjZVRlc3QyIFJvb3QgQ0EgMTEcMBoGA1UECxMTTWFya2V0cGxhY2VUZXN0 MiBDQTElMCMGA1UEChMcTWFya2V0cGxhY2VUZXN0MiBDb3Jwb3JhdGlvbjEWMBQG A1UEBxMNTW91bnRhaW4gVmlldzELMAkGA1UECBMCQ0ExCzAJBgNVBAYTAlVTMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1MjBq7G0/9vFTCtIDiIybm6 2rP7fj4wcYV8m53y9RQ/dJkkdMFcmhZ5RwCac2PYsUV5BbX6cILYo6TFIpZACgNG K1i/ReGie1dMEzJFl757yAkyc5FjuxsX/tt7ytemQgoIelNQazgxWFYWgMOnte/N kllExwM/PuZrV9y5BsyXLMg7jz1bEuFOGcGrRPP9KzTD2Li+sox1XZc5ja/0aZij HeoY+sN3EtqluHfqioQS7cYeP4LpkJdsu1Hdka3TDRAaFqfRcrNO+vqcKmAe33kP RegoZh/qRoZes71IPKx3ZeuEG8MFhN44mcaigrSWHkB0NldFi4N84yxciPcWiwID AQABozswOTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICBDAWBgNVHSUB Af8EDDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQUFAAOCAQEAjUDntmDW6JBnX+1W mpJfMhCtHjkFJ32JPJiq8lEtnvDZGMlmSmA/HMRgVSktHvnDPDtu9O9bERImYE5w T+5dHfyAffPPG0TH/URFjT6IG2mQP274Ltk1eBOr/EeQN7Mm7P4JKu/QSqifbIEE +p0EIDBhsVsDYNzdeoLGkeADVAtKLfXq7nsaPOtbenP6vvVWEdycf9V00/upbm5d nPTdHdUOnsDgFvlBR601w0NCqMa0N/PS5nkJVhv7iyiUKIcr4QxpAXsMK+5v7Hb4 HSnLndUq2y9lwlVB9UR8Mht/wMZ8OZxRujwIWyUrVF8WHDZw/WPLVNiUykYIa8Ll RUppWg== -----END CERTIFICATE-----
Blocks: 820445
Attached file create_reviewer_certdb.sh (deleted) —
Here's the script that I'm using to generate the certificate database that the reviewers phones need.
Attached file push_certdb.sh (deleted) —
This is the script that pushes the generated cert9.db file to the device
<krupa> bsmith: i was able to install a packaged app from reviewer tools after loading the cert <bsmith> krupa: cool! Were you using the junk I attached, or using fabrice's tool? <krupa> bsmith: the junk you attached So, it looks like we're good to go.
Status: NEW → ASSIGNED
Whiteboard: [temp cert verified][waiting on instructions for hsm generated cert]
Priority: P1 → P3
No longer blocks: packaged-apps
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Created in bug 819053.
jason - see comments in 840368... i think they are regenerating the certs... (does this mean you'll need to redeploy certs once regenerated?)
Blocks: 840368
No longer blocks: 840368
I am going to wait until I have the final certs for app signing and reviewer app signing to complete bug 840369.
Component: Server Operations: AMO Operations → Operations: Marketplace
Product: mozilla.org → Mozilla Services
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: