HTTPS not available - mig.mozilla.org
SCMGuruLLC opened this issue · comments
The issue here isn't that there isn't HTTPS, but that the certificate used for the site is signed for GitHub. Since no subjectAltName extension values are provided, the Common Name is the source of truth that the browser relies on.
You may also want to look at the TLS analysis section of the Observatory. The certificate itself is valid. https://observatory.mozilla.org/analyze.html?host=mig.mozilla.org#tls
~ ❯ openssl s_client -connect mig.mozilla.org:443 -showcerts [ruby-2.3.0]
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=*.github.com
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=*.github.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3612 bytes and written 434 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: ED7DD9F94AB5C46F2324BE2F38613CAE671D50C9323B12C56B81766CCA219BF3
Session-ID-ctx:
Master-Key: BB00E4C2D9E55B63FAD66941F8A65BDC178D7F9123EF0697C96E04E4C535867F424DC3CF1C0F5E74B723CE7DF518668F
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1514353817
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
I'd suggest the maintainers update the certificate, but otherwise this issue should be closed.