Opened on 04/04/2014 at 07:33:53 AM
Closed on 04/10/2014 at 03:27:58 PM
#254 closed change (fixed)
Switch from wildcard certificate to certificates for individual hosts
| Reported by: | trev | Assignee: | trev |
|---|---|---|---|
| Priority: | P2 | Milestone: | |
| Module: | Infrastructure | Keywords: | |
| Cc: | Blocked By: | #245 | |
| Blocking: | Platform: | ||
| Ready: | yes | Confidential: | no |
| Tester: | Verified working: | no | |
| Review URL(s): | |||
Description
Background
We are currently using *.adblockplus.org wildcard certificate on most of our hosts. The only hosts with a more specific certificate are the filter download nodes but even for those I had to switch to the wildcard certificate in #245 in order to cover easylist-msie.adblockplus.org subdomain. And it didn't make much difference anyway given that StartCom's certificates always include adblockplus.org in addition to the actual subdomain. This isn't something StartCom is willing to change (https://forum.startcom.org/viewtopic.php?f=15&t=1705).
What to change
Use another vendor to issue certificates for specific subdomains and start using them. What we currently need is (each item is a single certificate):
- easylist-downloads.adblockplus.org, easylist-msie.adblockplus.org, notifications.adblockplus.org
- intraforum.adblockplus.org
- downloads.adblockplus.org
- codereview.adblockplus.org
- stats.adblockplus.org
- issues.adblockplus.org
- update.adblockplus.org
- eyeo.com, www.eyeo.com
- monitoring.adblockplus.org
- reports.adblockplus.org once #240 is fixed
- urlfixer.org, www.urlfixer.org once #244 is fixed
Attachments (0)
Change History (7)
comment:1 Changed on 04/08/2014 at 10:36:25 AM by trev
- Priority changed from P3 to P2
comment:2 Changed on 04/08/2014 at 10:36:49 AM by trev
- Blocked By 245 added
comment:3 Changed on 04/10/2014 at 07:52:06 AM by trev
- Owner set to trev
- Status changed from new to assigned
comment:4 Changed on 04/10/2014 at 09:05:01 AM by trev
- Review URL(s) modified (diff)
- Status changed from assigned to reviewing
comment:5 Changed on 04/10/2014 at 09:08:24 AM by trev
- Resolution set to fixed
- Status changed from reviewing to closed
comment:6 Changed on 04/10/2014 at 09:42:42 AM by trev
- Resolution fixed deleted
- Status changed from closed to reopened
Reverted part of the change: https://hg.adblockplus.org/infrastructure/rev/621377574fda
The certificate we got was listing notifications.adblockplus.org rather than notification.adblockplus.org, need to get a new one.
comment:7 Changed on 04/10/2014 at 03:27:58 PM by trev
- Resolution set to fixed
- Status changed from reopened to closed
Got new certificate and fixed again: https://hg.adblockplus.org/infrastructure/rev/f02be033a94c
I got all the certificates we need right now. New certificate on the main server is already installed, adblockplus.me and acceptableads.org domains are covered as well now.