Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1469099

Summary: certificate for review.gluster.org expired, and Firefox does not allow adding it as exception
Product: [Community] GlusterFS Reporter: Niels de Vos <ndevos>
Component: project-infrastructureAssignee: bugs <bugs>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: mainlineCC: bugs, gluster-infra, mscherer, nigelb
Target Milestone: ---Keywords: Security, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-19 12:40:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Niels de Vos 2017-07-10 12:11:17 UTC 
When accessing https://review.gluster.org , I get the following warning from Firefox:

---
Your connection is not secure

The owner of review.gluster.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.
---

The "more info" link shows this:

---
review.gluster.org uses an invalid security certificate.

The certificate expired on July 10, 2017 at 1:07 PM. The current time is July 10, 2017 at 2:03 PM.

Error code: SEC_ERROR_EXPIRED_CERTIFICATE
---

Not being able to access Gerrit makes it (almost) impossible to do reviews of posted changes. This is a critical service for the Gluster project.
Comment 1 M. Scherer 2017-07-10 12:49:10 UTC 
ok so the whole proxy for review is breaking the renewal of the certificate.

It is fixed (I add to comment the ProxyPass and fiddle manually). However, i remember we had trouble to get this work like we wanted :/
Comment 2 Andrej Nemec 2017-07-19 12:40:33 UTC 
This seem to be fixed now, with the new certificate valid until the October.