Opened 5 years ago

Closed 5 years ago

#254 closed change (fixed)

Switch from wildcard certificate to certificates for individual hosts

Reported by: trev Assignee: trev
Priority: P2 Milestone:
Module: Infrastructure Keywords:
Cc: Blocked By: #245
Blocking: Platform:
Ready: yes Confidential: no
Tester: Verified working: no
Review URL(s):

http://codereview.adblockplus.org/4894914248704000/

Description

Background

We are currently using a *.adblockplus.org wildcard certificate on most of our hosts. The only hosts with a more specific certificate are the filter download nodes, but even for those I had to switch to the wildcard certificate in #245 in order to cover the easylist-msie.adblockplus.org subdomain. And it didn't make much difference anyway, given that StartCom's certificates always include adblockplus.org in addition to the actual subdomain. This isn't something StartCom is willing to change (https://forum.startcom.org/viewtopic.php?f=15&t=1705).

What to change

Use another vendor to issue certificates for specific subdomains and start using them. What we currently need is (each item is a single certificate):

  • easylist-downloads.adblockplus.org, easylist-msie.adblockplus.org, notifications.adblockplus.org
  • intraforum.adblockplus.org
  • downloads.adblockplus.org
  • codereview.adblockplus.org
  • stats.adblockplus.org
  • issues.adblockplus.org
  • update.adblockplus.org
  • eyeo.com, www.eyeo.com
  • monitoring.adblockplus.org
  • reports.adblockplus.org once #240 is fixed
  • urlfixer.org, www.urlfixer.org once #244 is fixed

Change History (7)

comment:1 Changed 5 years ago by trev

  • Priority changed from P3 to P2

comment:2 Changed 5 years ago by trev

  • Blocked By 245 added

comment:3 Changed 5 years ago by trev

  • Owner set to trev
  • Status changed from new to assigned

I got all the certificates we need right now. The new certificate on the main server is already installed; the adblockplus.me and acceptableads.org domains are covered as well now.

comment:4 Changed 5 years ago by trev

  • Review URL(s) modified (diff)
  • Status changed from assigned to reviewing

comment:5 Changed 5 years ago by trev

  • Resolution set to fixed
  • Status changed from reviewing to closed

comment:6 Changed 5 years ago by trev

  • Resolution fixed deleted
  • Status changed from closed to reopened

Reverted part of the change: https://hg.adblockplus.org/infrastructure/rev/621377574fda
The certificate we got was listing notifications.adblockplus.org rather than notification.adblockplus.org; we need to get a new one.

comment:7 Changed 5 years ago by trev

  • Resolution set to fixed
  • Status changed from reopened to closed
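
An added example, not part of the ticket or the project's infrastructure code: a pre-deployment check of the kind that would catch the hostname mismatch from comment:6, as well as a leftover wildcard or an extra apex name. It compares the DNS names in the text printed by `openssl x509 -noout -ext subjectAltName` against the exact host set requested for one certificate; the function names and sample certificate text are constructed for illustration.

```python
import re

def parse_san_dns(openssl_text):
    """DNS names from `openssl x509 -noout -ext subjectAltName` text output."""
    names = re.findall(r"DNS:([^,\s]+)", openssl_text)
    return {n.lower().rstrip(".") for n in names}

def audit_san(expected_hosts, openssl_text):
    """Compare a certificate's DNS names with the exact set requested for it.

    Policy assumed here: per-host certificates must list exactly the
    requested names, so a wildcard that happens to cover a host still fails.
    """
    want = {h.lower() for h in expected_hosts}
    have = parse_san_dns(openssl_text)
    wildcards = {n for n in have if n.startswith("*.")}
    return {
        "ok": have == want,
        "missing": sorted(want - have),
        "unexpected": sorted(have - want - wildcards),
        "wildcards": sorted(wildcards),
    }

# Constructed sample inputs (not real certificate dumps).
HEADER = "X509v3 Subject Alternative Name: \n    "
WILDCARD_CERT = HEADER + "DNS:*.adblockplus.org, DNS:adblockplus.org\n"
MISNAMED_CERT = HEADER + (
    "DNS:easylist-downloads.adblockplus.org, "
    "DNS:easylist-msie.adblockplus.org, "
    "DNS:notifications.adblockplus.org\n"
)
# Host names as given in comment:6 of this ticket.
DOWNLOAD_NODE_HOSTS = [
    "easylist-downloads.adblockplus.org",
    "easylist-msie.adblockplus.org",
    "notification.adblockplus.org",
]

if __name__ == "__main__":
    for label, text in (("wildcard", WILDCARD_CERT), ("misnamed", MISNAMED_CERT)):
        print(label, audit_san(DOWNLOAD_NODE_HOSTS, text))
```
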