https://bugzilla.wikimedia.org/show_bug.cgi?id=56938
--- Comment #24 from Philippe Verdy <[email protected]> --- Note: the former security certificates for uk.wikimedia.org will no longer validate in your new domain. If the WMF reconfigure its DNS to redirect the trafic to uk.wikimedia.org to the new domain wikimedia.org.uk, then the HTTPS trafic trying to connect to uk.wikimedia.org will reach your webserver (accepting HTTP connections to the old domain in order to redirect it to the locally hosted new domain). But HTTPS may not work for two reasons: - you don't have the security keys needed to sign your new site certificate, so the new server may be considered as if it was attempting to still the former domain. - IPSEC may have been activated in the former domain, and changing the former canonical subdomain to make it a CNAME aliaed to a new canonical domain may cause IPSEC to return an error, and the browser to reject the connections (or warn the user that the new domain may have been illegitimitately redirected). - You webserver still needs to perform an HTTP(S) redirect of the queries host to the new domain. - Your redirector should preserve the protocol (when querying initially the old domain on your web server with HTTPS, you should redirect to the new domain using also HTTPS instead of HTTP). - You need a new certificate for the HTTPS protocol used by your webserver for your new domain. This certificate is independant of the certificate issued for authenticating domains of the WMF (but the WMF may add its own signature to approve your new domain as being legitimate for the two redirection performed on the WMF DNS *and* on your web server) So I recommand you really test the connection (using the local hostfile solution temporarily) to make sure that HTTPS links from pages in Wikipedia will not invalidate some checks performed by web servers, or plugins or other antivirus tools checking sites authenticity. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
