SSL communication has to be in place between both:
- Fastly and visitor
- Fastly and backend (our servers)
At the moment, only the first case is fulfilled; that is what we are changing for all services served by Fastly.
Web apps progress
Estimated steps
- Update documentation in https://docs.webplatform.org/wiki/WPD:Infrastructure/architecture/SSL_certificates
- Ensure all public-facing subdomains, on both webplatform.org AND webplatformstaging.org, have valid certificates from an accepted CA
- Use StartSSL certificates for endpoints that are obscure yet still user-facing (e.g. oauth.accounts.webplatform.org MUST have a certificate from a known Certificate Authority, even though most users won’t see it in their browsers)
- Make sure Fastly has them installed
- Make sure Fastly connects to backend servers (our VMs) through IPADDR:443
- Make sure all web servers (e.g. NGINX & Apache) have the certificates AND that each subdomain uses the right certificate
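
One way to check the last two steps, as an added example that is not part of the original plan: connect to each backend by IP on port 443 with the subdomain as SNI, and let Python verify the chain and the hostname. The inventory and its IP addresses (documentation range) are constructed placeholders; only the hostname comes from this page.

```python
import socket
import ssl
import time


def summarize(cert, now=None):
    """Extract DNS SANs and whole days until expiry from a getpeercert() dict."""
    now = time.time() if now is None else now
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    days = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    return {"names": names, "days_left": days}


def check_backend(ip, hostname, port=443, timeout=5.0):
    """Connect to ip:port, send `hostname` as SNI, and verify the certificate.

    The default context checks the chain against the system CA store and
    checks that the certificate covers `hostname`, so a vhost serving the
    wrong certificate for a subdomain is reported as a failure.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                info = summarize(tls.getpeercert())
                return {"host": hostname, "ip": ip, "ok": True,
                        "error": None, **info}
    except OSError as exc:  # covers SSLCertVerificationError and timeouts
        return {"host": hostname, "ip": ip, "ok": False,
                "error": str(exc), "names": [], "days_left": None}


if __name__ == "__main__":
    # Constructed inventory: replace the placeholder IPs with the real VMs.
    inventory = [
        ("192.0.2.10", "oauth.accounts.webplatform.org"),
        ("192.0.2.11", "oauth.accounts.webplatformstaging.org"),
    ]
    for ip, host in inventory:
        r = check_backend(ip, host)
        status = "OK" if r["ok"] else "FAIL"
        detail = f"{r['days_left']} days left" if r["ok"] else r["error"]
        print(f"{status:4} {host} via {ip}:443  {detail}")
```

Run it from a host that is allowed to reach the backends directly, since Fastly normally sits in front of them.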