Project

General

Profile

Bug #3490

https/ssl certificate signing for non *.commons.gc.cuny.edu domains

Added by Keith Miyake almost 5 years ago. Updated almost 5 years ago.

Status:
Resolved
Priority name:
Normal
Assignee:
Category name:
Server
Target version:
Start date:
2014-09-23
Due date:
% Done:

0%

Estimated time:

Description

For sites that are not hosted under the *.commons.gc.cuny.edu domain, the existing https certificate does not verify, causing problems for loading pages in browsers that check the certificates, particularly when logged in. Would it be possible to somehow add individual sites to the certificate or to verify based on the *.gc.cuny.edu domain?

One of the big problems posed is when users are logged in to the commons and they visit one of the affected sites, some browsers (chrome) won't load resources that requested over http, which are requested as such because the ssl cert rejection causes the wordpress backend to default to http, or something along those lines...

The four specific sites for which I've observed this problem are:
pcp.gc.cuny.edu
globalization.gc.cuny.edu
studyofreligion.gc.cuny.edu
sciencestudies.gc.cuny.edu

History

#1 Updated by Boone Gorges almost 5 years ago

  • Status changed from New to Reporter Feedback

Hi Keith - Is it important that these sites be available over https? What if, as an interim fix, we forced all traffic not covered by the certificate over HTTP?

#2 Updated by Keith Miyake almost 5 years ago

I don't think it's terribly important for it to use https, especially since the problem only really comes up when users log in. If the whole site is loaded via http when users are logged in, that should work perfectly.

#3 Updated by Boone Gorges almost 5 years ago

  • Category name set to Server
  • Assignee set to Boone Gorges
  • Target version set to Not tracked

Thanks, Keith. I've made some changes on the server so that all https requests on pages not covered by the *.commons.gc.cuny.edu are now directed to their non-SSL counterparts. However, in my (somewhat limited) testing, I had mixed results: the redirect is working, but only after the server has actually been contacted; and trying to access eg https://pcp.gc.cuny.edu throws an "untrusted connection" browser warning before the site is even hit.

Will you test a little bit to see if what's currently in place is solving your problems? If not, could you be a bit more specific about the particular scenarios where the problem is being exhibited?

#4 Updated by Keith Miyake almost 5 years ago

  • Status changed from Reporter Feedback to Resolved

You're awesome, Boone! Like you mentioned, I'm still getting the certificate warning if I go directly to https://pcp.gc.cuny.edu, but if I go to the non-ssl site it seems to work fine. And the primary problem--elements not loading because of mixed http/s when logged in--seems to be fixed since everything is loading over http now. I think we can mark this as closed.

#5 Updated by Boone Gorges almost 5 years ago

  • Target version changed from Not tracked to 1.6.17

Great - so glad to have helped! Thanks again for the report.

Also available in: Atom PDF