Project

General

Profile

tickets #94192

Certificate problem with https://bugzilla.opensuse.com/

Added by robin_listas about 2 months ago. Updated 23 days ago.

Status:
Workable
Priority:
Normal
Assignee:
Category:
Core services and infra
Target version:
-
Start date:
2021-06-17
Due date:
% Done:

0%

Estimated time:

Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't know if we own this domain?

https://bugzilla.opensuse.com

Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to
bugzilla.opensuse.com. If you visit this site, attackers could try to
steal information like your passwords, emails, or credit card details.

What can you do about it?

The issue is most likely with the website, and there is nothing you can do
to resolve it. You can notify the website’s administrator about the
problem.

Learn more…

Websites prove their identity via certificates. Firefox does not trust
this site because it uses a certificate that is not valid for
bugzilla.opensuse.com. The certificate is only valid for the following
names: *.opensuse.org, opensuse.org

Error code: SSL_ERROR_BAD_CERT_DOMAIN

View Certificate

(I can't paste the certificate information except one line at a time)


Cheers / Saludos,

Carlos E. R.
(from 15.1 x86_64 at Legolas)

-----BEGIN PGP SIGNATURE-----

iHYEARECADYWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCYMt9iBgcY2FybG9zLmUu
ckBvcGVuc3VzZS5vcmcACgkQtTMYHG2NR9WzlACcDuIjTEsScT18II0pH/wniZkb
lrwAn0o45YhB3dX5YlYXjgS9CB84abr2
=ASlC
-----END PGP SIGNATURE-----

History

#1 Updated by pjessen about 2 months ago

  • Private changed from Yes to No

robin_listas wrote:

I don't know if we own this domain?

https://bugzilla.opensuse.com

It is served by our nameservers, so probably.

I don't know what it is being used for though. www.opensuse.com seems to take me to download.o.o.

#2 Updated by cboltz about 2 months ago

opensuse.com and *.opensuse.com all point to our haproxy, we "just" don't have a certificate for it.

AFAIK the haproxy config defaults to delivering download.o.o if it doesn't have config for a domain, so (besides getting a certificate) we should probably add some redirects for opensuse.com in the haproxy config.

I also wonder if we really want/need the *.opensuse.com wildcard DNS entry, but that's another topic.

#3 Updated by lrupp 23 days ago

  • Status changed from New to Workable
  • Assignee set to cboltz

#5 Updated by lrupp 23 days ago

  • Category set to Core services and infra

Also available in: Atom PDF