Have HTTPS on all the subdomains of tails.boum.org
Originally created by @intrigeri on #8192 (Redmine)
To be on Firefox’s HSTS preload list, one has to be on Chrome’s list. To
be on Chrome’s HSTS preload list, one has to use the includeSubdomains
option in the HSTS header. So, in order to have tails.b.o on these
lists, we need valid certificates for all our subdomains of tails.b.o,
otherwise various pieces of our infrastructure (e.g. Jenkins) will be
unreachable (major browsers don’t let you validate a self-signed
certificate by hand, if HSTS is enabled for this domain).
To do so, we can either:
a. Get a commercial wildcard certificate for *.tails.boum.org.
b. Get Let’s Encrypt certificates for each one of our subdomains.
Parent Task: tails#8191 (closed)
Related issues
- Related to tails#8143 (closed)
- Blocks tails#9102 (closed)