There are two SSL/security issues when I try to visit the SSL version of any Wikimedia beta cluster:
- The certificate is a self-signed certificate, therefore the certificate is not valid.
- The intended URL that should be issued by the certificate doesn't match with the current URL.
Issue #1 can be solved by installing the certificate to the Trusted Certificate Authorities folder, but this doesn't really solve the whole problem. There are some users that don't know or not familiar with installing certificates, so this should be solved.
Issue #2 occurs because if we will see the "Issued to" field, it is *.*.beta.wmflabs.org. Due to that, it doesn't include the other sub-domains it have (such as commons.wikimedia.beta.wmflabs.org). Unfortunately, we cannot solve it unlike Issue #1, so this should be solved by a system administrator. Also, Issue #2 will not appear on mobile browsers (such as Safari iOS).
If these issues are fixed, I think it is safe if we redirect the whole beta.wmflabs.org domain from HTTP to HTTPS. I will provide a screenshot by tomorrow. Thanks.