Custom Query (196 matches)
Results (91 - 93 of 196)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#48 | fixed | SNI, giving certificates on *.scripts.mit.edu for FF 2 and IE 7 | presbrey | andersk |
Description |
Currently lockername.scripts.mit.edu gives a certificate error. We have a valid certificate for *.scripts.mit.edu but it is currently not used. The problem is that (modulo recent extensions) the HTTPS protocol doesn’t support sending the virtual host name before the server must decide which certificate to present. There have been two proposed solutions. One is to use the SNI extension. This requires upgrading OpenSSL to at least 0.9.8f, patching mod_ssl, and using relatively recent browsers (old browsers will fall back to the current behavior). The other is to move *.scripts.mit.edu to a separate IP from scripts.mit.edu, so that the server knows which certificate to present based on the IP. This is less general (we can’t extend this to work with arbitrary vhosts), but we could probably implement it now. |
|||
#270 | fixed | Scripts LVS upgrade needs work | achernya | |
Description |
Remaining tasks:
|
|||
#280 | fixed | Separate core AFS monitoring from foreign cells | adehnert | adehnert |
Description |
At the moment, it's hard to tell when a nagios AFS warning is due to something we care about (-c athena or -c sipb mostly, I think) going down vs. some foreign cell. We probably want separate nagios checks for the two. |