Page MenuHomePhabricator

Implement SSL certificate on Wikimedia DC server (wikimediadc.org)
Closed, ResolvedPublic

Description

Wikimedia DC has an SSL certificate from Gandi. Jeremyb knows more about it.

Since we own it, why not use it? I am mostly interested in using it for Stripe payment processing, which will handle the actual payment processing (including PCI compliance) as long as we use SSL on our end. But there are other uses, such as having login / logged in users handled by HTTPS, like with Wikimedia projects. Thoughts?

[Update] In light of recent events (e.g. https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/) I am suggesting that we use HTTPS for all of Wikimedia DC's web properties. I am also bumping this up to High priority

Event Timeline

Harej created this task.Feb 10 2015, 4:51 AM
Harej assigned this task to Legoktm.
Harej raised the priority of this task from to Medium.
Harej updated the task description. (Show Details)
Harej added a project: Wikimedia-DC.
Harej added subscribers: Harej, jeremyb, Isarra, Emufarmers.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 10 2015, 4:51 AM
Harej raised the priority of this task from Medium to High.May 1 2015, 6:04 PM
Harej updated the task description. (Show Details)
Harej set Security to None.
Harej added a comment.May 20 2015, 2:29 PM

@Legoktm, are there any specific blockers to implementation, such as updating the server software?

Harej moved this task from Backlog to Stalled on the Wikimedia-DC board.Jul 28 2015, 6:32 PM
aude added a subscriber: aude.Sep 22 2015, 5:47 PM

https://wikimediadc.org now works. In about a week I'll switch it over to HTTPS-only.

Legoktm moved this task from Stalled to In Progress on the Wikimedia-DC board.Oct 18 2015, 11:53 PM
Harej renamed this task from Implement SSL certificate on Wikimedia DC server to Implement SSL certificate on Wikimedia DC server (wikimediadc.org).Nov 4 2015, 4:27 PM
Legoktm closed this task as Resolved.Dec 4 2015, 8:44 AM

The main wmdc wiki is now HTTPS-only. I'll file a follow up ticket for all the other random domains that WMDC controls.

km@km-tp ~> curl -I "http://wikimediadc.org"
HTTP/1.1 301 Moved Permanently
Server: Apache/2.2.22 (Ubuntu)
Location: https://wikimediadc.org/
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 04 Dec 2015 08:42:54 GMT
X-Varnish: 531894175
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Harej moved this task from In Progress to Done on the Wikimedia-DC board.Jan 7 2016, 5:27 AM