The older certificate had an "Organization: Luke Faraone" which was sub-
optimal. This new certificate is also based on a key that has not been made
available to our app instances in the past.
(imported from commit 0a8070bb16e4c640e6b4c06afee07ccf88495327)
The key for this certificate is the same as the key for
staging.humbughq.com.
The combined-chain was created according to the manner described in
commit 6544938ef29.
(imported from commit 99d5658d822bdffdd05b30c24f2e77d150ebf06f)
Chains generated consistent with 6544938ef2955d52c5e8d95f53c280322526a790:
cat STAR_humbughq_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > wildcard-humbughq.com.combined-chain.crt
The files added in this commit should be manually copied to
/etc/ssl/certs/ on prod.
(imported from commit 9d674d6a0f7ced686ddb078dd36e44a9e3df82c3)
Previously we presented the server cert, then the intermediate, then the
CA. This caused some browsers to break.
To resolve the issue, we ran:
wget http://www.startssl.com/certs/ca.pem -O startcom.pem
wget http://www.startssl.com/certs/sub.class1.server.ca.pem
cat app.humbughq.com.crt sub.class1.server.ca.pem startcom.pem > app.humbughq.com.combined-chain.crt
(repeating the last step for each .humbughq.com.crt)
Note: The resultant .combined-chain. files contain different
certificates than they did previously.
(imported from commit 6544938ef2955d52c5e8d95f53c280322526a790)
This is the format Nginx wants. It contains the following files concatenated
together in order:
app.humbughq.com.crt
startcom.pem
sub.class1.server.ca.pem
(imported from commit 6ed5679501f48729b4b4df19169042d5c0c37b5d)
Luke Faraone
Luke Faraone
Tim Abbott
Keegan McAllister