Last modified: 2014-10-28 19:12:37 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T66484, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 64484 - Fix SSL certificate of noc.wikimedia.org
Fix SSL certificate of noc.wikimedia.org
Status: VERIFIED FIXED
Product: Wikimedia
Classification: Unclassified
SSL related (Other open bugs)
wmf-deployment
All All
: Normal normal (vote)
: ---
Assigned To: Rob Halsell
:
Depends on:
Blocks: 64483
  Show dependency treegraph
 
Reported: 2014-04-26 16:04 UTC by Krinkle
Modified: 2014-10-28 19:12 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Krinkle 2014-04-26 16:04:42 UTC 
[16:00 UTC] cvn-apache5.eqiad.wmflabs$ bin/update
+ curl https://noc.wikimedia.org/conf/all.dblist
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
Comment 1 Krinkle 2014-04-26 16:06:35 UTC 
Note that when running locally (Mac OS X, latest) it works fine without errors. I only get these on Ubuntu and/or Labs.
Comment 2 Tim Landscheidt 2014-04-26 17:48:13 UTC 
On a more general note, it would be nice to add a test for this as part of our Icinga checks for https servers.
Comment 3 Marc A. Pelletier 2014-10-06 15:28:05 UTC 
This should have been fixed as a side effect of https://gerrit.wikimedia.org/r/#/c/163222/

Please verify?
Comment 4 Andre Klapper 2014-10-16 13:08:03 UTC 
(In reply to Marc A. Pelletier from comment #3)
> This should have been fixed as a side effect of
> https://gerrit.wikimedia.org/r/#/c/163222/
> 
> Please verify?

No reply by Krinkle, hence assuming it's fixed.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links