Skip to content
This repository has been archived by the owner on Sep 14, 2019. It is now read-only.

HTTPS not available - mig.mozilla.org #416

Open
SCMGuruLLC opened this issue Dec 8, 2017 · 1 comment
Open

HTTPS not available - mig.mozilla.org #416

SCMGuruLLC opened this issue Dec 8, 2017 · 1 comment

Comments

@SCMGuruLLC
Copy link

https://observatory.mozilla.org/analyze.html?host=mig.mozilla.org
@signus
Copy link

signus commented Dec 27, 2017
edited
Loading

The issue here isn't that there isn't HTTPS, but that the certificate used for the site is signed for GitHub. Since no subjectAltName extension values are provided, the Common Name is the source of truth that the browser relies on.

You may also want to look at the TLS analysis section of the Observatory. The certificate itself is valid. https://observatory.mozilla.org/analyze.html?host=mig.mozilla.org#tls

~ ❯ openssl s_client -connect mig.mozilla.org:443 -showcerts                                                                                                                                   [ruby-2.3.0]
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=*.github.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
-----BEGIN CERTIFICATE-----
   ...
-----END CERTIFICATE-----
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-----BEGIN CERTIFICATE-----
   ...
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=*.github.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3612 bytes and written 434 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: ED7DD9F94AB5C46F2324BE2F38613CAE671D50C9323B12C56B81766CCA219BF3
    Session-ID-ctx:
    Master-Key: BB00E4C2D9E55B63FAD66941F8A65BDC178D7F9123EF0697C96E04E4C535867F424DC3CF1C0F5E74B723CE7DF518668F
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1514353817
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

I'd suggest the maintainers update the certificate, but otherwise this issue should be closed.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@SCMGuruLLC @signus