tickets #94192
closedCertificate problem with https://bugzilla.opensuse.com/
0%
Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I don't know if we own this domain?
Warning: Potential Security Risk Ahead
Firefox detected a potential security threat and did not continue to
bugzilla.opensuse.com. If you visit this site, attackers could try to
steal information like your passwords, emails, or credit card details.
What can you do about it?
The issue is most likely with the website, and there is nothing you can do
to resolve it. You can notify the website’s administrator about the
problem.
Learn more…
Websites prove their identity via certificates. Firefox does not trust
this site because it uses a certificate that is not valid for
bugzilla.opensuse.com. The certificate is only valid for the following
names: *.opensuse.org, opensuse.org
Error code: SSL_ERROR_BAD_CERT_DOMAIN
View Certificate
(I can't paste the certificate information except one line at a time)
Cheers / Saludos,
Carlos E. R.
(from 15.1 x86_64 at Legolas)
-----BEGIN PGP SIGNATURE-----
iHYEARECADYWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCYMt9iBgcY2FybG9zLmUu
ckBvcGVuc3VzZS5vcmcACgkQtTMYHG2NR9WzlACcDuIjTEsScT18II0pH/wniZkb
lrwAn0o45YhB3dX5YlYXjgS9CB84abr2
=ASlC
-----END PGP SIGNATURE-----
Updated by pjessen almost 3 years ago
- Private changed from Yes to No
robin_listas wrote:
I don't know if we own this domain?
It is served by our nameservers, so probably.
I don't know what it is being used for though. www.opensuse.com seems to take me to download.o.o.
Updated by cboltz almost 3 years ago
opensuse.com and *.opensuse.com all point to our haproxy, we "just" don't have a certificate for it.
AFAIK the haproxy config defaults to delivering download.o.o if it doesn't have config for a domain, so (besides getting a certificate) we should probably add some redirects for opensuse.com in the haproxy config.
I also wonder if we really want/need the *.opensuse.com wildcard DNS entry, but that's another topic.
Updated by lrupp almost 3 years ago
- Status changed from New to Workable
- Assignee set to cboltz
Updated by lrupp almost 3 years ago
- Category set to Core services and virtual infrastructure
Updated by pjessen over 2 years ago
If "opensuse.com" resolves, and it should resolve, a holding page with alternative links might be the right thing. If "opensuse.com" is not used, maybe we should just remove it from DNS ?
Updated by lrupp over 2 years ago
pjessen wrote:
If "opensuse.com" resolves, and it should resolve, a holding page with alternative links might be the right thing. If "opensuse.com" is not used, maybe we should just remove it from DNS ?
Feel free to do what you find correct to do. ;-)
Updated by crameleon over 1 year ago
I think this was coincidentally resolved along with repairing TLS for redirecting domains in #75250. Because of this, there is no reason to remove the opensuse.com DNS records anymore either. Can this ticket be closed?
Updated by robin_listas over 1 year ago
It doesn't produce an error now, which is good.
If I try to open https://bugzilla.opensuse.com it open instead https://www.opensuse.org/; no error, but maybe confusing to a newcomer. Perhaps it would be nicer to display an information page with links to correct places :-?
Updated by pjessen over 1 year ago
robin_listas wrote:
It doesn't produce an error now, which is good.
If I try to open https://bugzilla.opensuse.com it open instead https://www.opensuse.org/; no error, but maybe confusing to a newcomer. Perhaps it would be nicer to display an information page with links to correct places :-?
Yeah, that would probably be the nice thing to do - I would just have deleted the DNS records long ago. We simply do not have any on-line presence under "opensuse.com", and as far as I am aware, we don't want one. I think the current situation is acceptable though, but if someone can be bothered to set up a nice information page, I guess we could redirect to static.o.o ?
Updated by crameleon 11 months ago
- Status changed from Workable to Closed
- Assignee deleted (
cboltz)
This is not specific to Bugzilla. If someone wants to set up a landing page to replace our current redirects of invalid domains to https://www.opensuse.org/ with, feel free to make it a task.
Updated by pjessen 11 months ago
crameleon wrote:
If someone wants to set up a landing page to replace our current redirects of invalid domains to https://www.opensuse.org/ with, feel free to make it a task.
That is what this ticket was meant to do - be a placeholder task :-) I guess it can be reopened if anyone is interested. I'll try to remember to add it to my list of newbie jobs.