Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL certificate used on bam.nr-data.net will be distrusted soon #3628

Closed
mithro opened this issue Feb 17, 2018 · 2 comments
Closed

SSL certificate used on bam.nr-data.net will be distrusted soon #3628

mithro opened this issue Feb 17, 2018 · 2 comments
Labels
Bug A bug

Comments

@mithro
Copy link

mithro commented Feb 17, 2018

Details

The admin interface for ReadTheDocs includes resources from the domain https://bam.nr-data.net

The domain https://bam.nr-data.net uses a SSL certificate which will be soon distrusted in most web browsers such as Chrome from M70 onwards. If you load the admin page currently and open the Chrome console you will get the following warning;

(index):1 The SSL certificate used to load resources from https://bam.nr-data.net will be distrusted in M70. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information.

From the page https://g.co/chrome/symantecpkicerts you get the following;

At the end of July, the Chrome team and the PKI community converged upon a plan to reduce, and ultimately remove, trust in Symantec’s infrastructure in order to uphold users’ security and privacy when browsing the web. This plan, arrived at after significant debate on the blink-dev forum, would allow reasonable time for a transition to new, independently-operated Managed Partner Infrastructure while Symantec modernizes and redesigns its infrastructure to adhere to industry standards. This post reiterates this plan and includes a timeline detailing when site operators may need to obtain new certificates.

Now that SSL certificates can be gotten for free from LetsEncrypt it would probably be a good idea to move sooner rather than later.

The bam.nr-data.net URL seems to come from some type of beacon or error reporting functionality?

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<script type="text/javascript">
...
NREUM.info={
 "beacon":"bam.nr-data.net",
 "queueTime":0,
 "licenseKey":"97a187b9fc",
 "agent":"",
 "transactionName":"Y1ZSNktWWkEDBUdbDVocdhdXVEBbDQgcQAdVV0QKXFNbURFIQ0ANXlZTFkoZQlsHEUAcEkZaRgNNUg5iEAlZVwFAZkAGWENRHAUDRw==",
 "applicationID":"2379096",
 "errorBeacon":"bam.nr-data.net",
 "applicationTime":140}
</script>
@davidfischer
Copy link
Contributor

That URL is operated by New Relic, an error reporting provider. They appear to have updated their certificate. Shall I go ahead and close this?

@RichardLitt
Copy link
Member

@davidfischer If it's not a bug anymore, seems like you should. :D

@RichardLitt RichardLitt added the Bug A bug label Mar 2, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug A bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mithro @davidfischer @RichardLitt