Remove explore. alternative name from HCA portal cert #4297
Comments
|
Assignee to provide description. |
|
The ACM certificate for the HCA Data Portal currently lists an subject alternative name for This discrepancy caused a disruption during the automatic renewal of the certificate: ACM failed to renew the portal certificate because the corresponding validation record was missing from the Route 53 zone for the browser. Luckily, someone at Sanger noticed the expiring certificate and we were able to fix this temporarily by create validation records for the portal certificate (managed by CC) in the Data Browser account managed by the Azul team. We need to clearly separate the portal from the browser. The portal certificate should not list a browser domain name as a subject alternative name. The subject alternative name serves no purpose in that certificate because the Data Browser uses a separate certificate managed by Azul. We risk running into renewal problems again if someone accidentally removes the validation records that we created as a temporary fix. Please create a new portal certificate that does not list |
|
Thanks, will fix. |
|
To complete separation of data.humancellatlas.org and explore.data.humancellatlas.org it would be desirable to transfer Route53 management for data.humancellatlas.org zone from platform-hca-prod to platform-hca-portal. Please review the configuration of Route53 for data.humancellatlas.org in platform-hca-prod. It should be separate from explore.data.humancellatlas.org hosted zone. If that is the case, please export the zone so that we can recreate it in platform-hca-portal and request change in delegation for management from the humancellatlas.org admin. |
See below for description.
The text was updated successfully, but these errors were encountered: