Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-2429

cert.ci sets HSTS with self-signed cert

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Did Not Connect: Potential Security Issue

      Firefox detected a potential security threat and did not continue to cert.ci.jenkins.io because this website requires a secure connection.

      cert.ci.jenkins.io has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.

      Self-signed cert + HSTS doesn't work.

        Attachments

          Activity

          Hide
          olblak Olivier Vernin added a comment -

          It was a letsencrypt certificate, so there is definitely something wrong here

          Show
          olblak Olivier Vernin added a comment - It was a letsencrypt certificate, so there is definitely something wrong here
          Hide
          olblak Olivier Vernin added a comment -

          :o not there

          Show
          olblak Olivier Vernin added a comment - :o not there
          Hide
          danielbeck Daniel Beck added a comment -

          Apparently jenkins.io was served with HSTS a while back, because that's the default in Kubernetes and nobody around these parts knew. My browser remembered, and there is no documented way to make it forget about that without erasing all cookies, passwords, and history for all of *.jenkins.io is. What a shitshow.

          Show
          danielbeck Daniel Beck added a comment - Apparently jenkins.io was served with HSTS a while back, because that's the default in Kubernetes and nobody around these parts knew. My browser remembered, and there is no documented way to make it forget about that without erasing all cookies, passwords, and history for all of *.jenkins.io is. What a shitshow.

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            danielbeck Daniel Beck
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: