--- Comment #24 from Philippe Verdy <verd...@wanadoo.fr> ---
Note: the former security certificates for uk.wikimedia.org will no longer
validate in your new domain.
If the WMF reconfigure its DNS to redirect the trafic to uk.wikimedia.org to
the new domain wikimedia.org.uk, then the HTTPS trafic trying to connect to
uk.wikimedia.org will reach your webserver (accepting HTTP connections to the
old domain in order to redirect it to the locally hosted new domain).
But HTTPS may not work for two reasons:
- you don't have the security keys needed to sign your new site certificate, so
the new server may be considered as if it was attempting to still the former
- IPSEC may have been activated in the former domain, and changing the former
canonical subdomain to make it a CNAME aliaed to a new canonical domain may
cause IPSEC to return an error, and the browser to reject the connections (or
warn the user that the new domain may have been illegitimitately redirected).
- You webserver still needs to perform an HTTP(S) redirect of the queries host
to the new domain.
- Your redirector should preserve the protocol (when querying initially the old
domain on your web server with HTTPS, you should redirect to the new domain
using also HTTPS instead of HTTP).
- You need a new certificate for the HTTPS protocol used by your webserver for
your new domain. This certificate is independant of the certificate issued for
authenticating domains of the WMF (but the WMF may add its own signature to
approve your new domain as being legitimate for the two redirection performed
on the WMF DNS *and* on your web server)
So I recommand you really test the connection (using the local hostfile
solution temporarily) to make sure that HTTPS links from pages in Wikipedia
will not invalidate some checks performed by web servers, or plugins or other
antivirus tools checking sites authenticity.
You are receiving this mail because:
You are on the CC list for the bug.
Wikibugs-l mailing list