Page MenuHomePhabricator
Create Task
Maniphest T66484

Fix SSL certificate of noc.wikimedia.org
Closed, ResolvedPublic
Actions

Description

[16:00 UTC] cvn-apache5.eqiad.wmflabs$ bin/update
+ curl https://noc.wikimedia.org/conf/all.dblist

% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                               Dload  Upload   Total   Spent    Left  Speed
0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

Version: wmf-deployment
Severity: normal

Details

Reference
bz64484

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:24 AM
bzimport added a project: HTTPS.
bzimport set Reference to bz64484.
Krinkle created this task.Apr 26 2014, 4:04 PM
Krinkle added a comment.Apr 26 2014, 4:06 PM

Note that when running locally (Mac OS X, latest) it works fine without errors. I only get these on Ubuntu and/or Labs.

scfc added a comment.Apr 26 2014, 5:48 PM

On a more general note, it would be nice to add a test for this as part of our Icinga checks for https servers.

coren added a comment.Oct 6 2014, 3:28 PM

This should have been fixed as a side effect of https://gerrit.wikimedia.org/r/#/c/163222/

Please verify?

Aklapper added a comment.Oct 16 2014, 1:08 PM

(In reply to Marc A. Pelletier from comment #3)

This should have been fixed as a side effect of
https://gerrit.wikimedia.org/r/#/c/163222/

Please verify?

No reply by Krinkle, hence assuming it's fixed.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL