Last modified: 2013-12-30 04:39:32 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T34796, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 32796 - status.wikimedia.org is using SSL cert from other domain
status.wikimedia.org is using SSL cert from other domain
Status: RESOLVED WONTFIX
Product: Wikimedia
Classification: Unclassified
SSL related (Other open bugs)
unspecified
All All
: Normal normal with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
https://status.wikimedia.org/
: ops
: 44760 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-12-04 19:24 UTC by db [inactive,noenotif]
Modified: 2013-12-30 04:39 UTC (History)
6 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description db [inactive,noenotif] 2011-12-04 19:24:43 UTC 
status.wikimedia.org is using an security certificate from *.io.watchmouse.com which give a warning in IE.

It is possible to install a wikimedia certificate on that domain? Thanks.
Comment 1 Sam Reed (reedy) 2011-12-04 23:31:20 UTC 
Because it's offsite.

It'll need it's own specific cert buying and assigning
Comment 2 Domas Mituzas 2011-12-04 23:34:34 UTC 
I doubt this is feasible - it is hosted on Amazon AWS, so they'd have to fire up a separate watchmouse AWS LB instance just to serve Wikimedia status? ;-)
Comment 3 Brion Vibber 2011-12-05 02:18:40 UTC 
If we can't get it on a correct cert, we might want to redirect to its canonical domain instead so it at least loads properly. Main obvious downside is if our redirector or iframe wrapper goes down, you don't see it on our pretty domain anymore. ;)
Comment 4 Antoine "hashar" Musso (WMF) 2012-07-17 14:56:11 UTC 
Removing dependency to bug 27946 which is secure.wikimedia.org.
Comment 5 Antoine "hashar" Musso (WMF) 2013-03-16 21:27:28 UTC 
*** Bug 44760 has been marked as a duplicate of this bug. ***
Comment 6 Antoine "hashar" Musso (WMF) 2013-03-16 21:28:23 UTC 
The ops ticket is RT #1849
Comment 7 Rob Halsell 2013-03-20 17:49:18 UTC 
So this certificate is served by Nimsoft, and we have no control over it.  I'll paste the reasoning from RT:

 it is just a CNAME for status.watchmouse.com

status.wikimedia.org is an alias for status.watchmouse.com.
status.watchmouse.com is an alias for dualstack.lb-1710199131.us-east-1.elb.amazonaws.com.

In the watchmouse UI, in "Public folders" setup you can change the CNAME but nothing about SSL or certificates.

And the failure is on their side already anyways, because status.watchmouse.com itself does not show the correct cert

status.watchmouse.com uses an invalid security certificate.

The certificate is only valid for *.io.watchmouse.com

Then folks ask if we can redirect, the answer is no.  It is a status page for when the cluster is down, therefore redirecting via the cluster is non-ideal.

So this is a wontfix, because we cantfix.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links