Page MenuHomePhabricator
Create Task
Maniphest T250098

Audit usage of *.tools.wmflabs.org GlobalSign TLS certificate and migrate any usage to LE
Closed, ResolvedPublic
Actions

Description

The GlobalSign certificate that we have used in the past for *.tools.wmflabs.org expires on 2020-06-24. We should replace this wildcard cert with either a Let's Encrypt wildcard or possibly better just individual certs for services that need it.

Details

Due Date
May 29 2020, 12:00 AM

Related Objects
Search...

Event Timeline

bd808 created this task.Apr 13 2020, 5:08 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 13 2020, 5:08 PM
bd808 added a parent task: Unknown Object (Task).Apr 13 2020, 5:08 PM
bd808 moved this task from Inbox to Soon! on the cloud-services-team (Kanban) board.Apr 15 2020, 10:55 PM
mdaniels5757 subscribed.Apr 20 2020, 4:11 PM
JHedden triaged this task as High priority.Apr 21 2020, 4:28 PM
bd808 set Due Date to May 29 2020, 12:00 AM.Apr 21 2020, 4:28 PM
Bstorm closed this task as Resolved.Apr 30 2020, 8:57 PM
Bstorm claimed this task.
Bstorm subscribed.

I see that T235252: Toolforge: SSL support for new domain toolforge.org created a cert that includes *.tools.wmflabs.org.
In https://github.com/wikimedia/puppet/commit/3a4773217e1fb06809cc080058e845dff2b60c21, we switched to the let's encrypt cert and then we removed the old cert from puppet https://github.com/wikimedia/puppet/commit/cfed4132d455ce8a343884f5e1b21b81b1588647

I do not believe it is currently used anywhere anymore with searching. I checked every place I know it used to be used, and it mentions the acme chief/LE setup instead in puppet. The only other place was the old k8s master, and that's deleted.

bd808 mentioned this in Unknown Object (Task).May 1 2020, 5:58 PM
mdaniels5757 unsubscribed.May 28 2020, 7:40 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits