CCADB Update: Changing URLs (breaking change)
298 views
Skip to first unread message
Kathleen Wilson
Feb 13, 2023, 5:46:31 PM2/13/23
to CCADB Public
All,
https://help.salesforce.com/s/articleView?id=000393816&type=1
“Enhanced domains apply an org’s company-specific My Domain name to all URLs that Salesforce hosts for your org. This feature also changes domain suffixes (the part after the My Domain name) to meet the latest security standards.”
On February 17 between 7am and 12pm PT, we will be updating the CCADB to use enhanced domains. During this time we ask that you avoid logging into the CCADB, and be aware that URLs that you have been using will break and need to be updated.
The following existing URLs will need to be changed after this CCADB update.
- CCADB public report links such as those in www.ccadb.org/resources
Old: https://ccadb-public.secure.force.com/ccadb/Report
New: https://ccadb-public.my.salesforce-sites.com/ccadb/Report
- Links to direct pages in the CCADB (e.g. from crt.sh to CCADB)
Old: https://ccadb.force.com/pageID
New: https://ccadb.my.salesforce-sites.com/pageID
- AddUpdateIntermediateCertAPI may change/break
Host url: https://ccadb.my.site.com
Callback url: https://ccadb.my.site.com/callback
- ALV may stop working until we re-setup the integration
We will send a separate message on February 17 announcing the start of the migration and will post a message about the update on the CCADB Home Page. During the migration we ask that you avoid logging into the CCADB or using CCADB public reports.
Kathleen, on behalf of the CCADB Steering Committee
Salesforce is moving towards Enhanced Domains as explained here:
https://help.salesforce.com/s/articleView?id=000393816&type=1
“Enhanced domains apply an org’s company-specific My Domain name to all URLs that Salesforce hosts for your org. This feature also changes domain suffixes (the part after the My Domain name) to meet the latest security standards.”
On February 17 between 7am and 12pm PT, we will be updating the CCADB to use enhanced domains. During this time we ask that you avoid logging into the CCADB, and be aware that URLs that you have been using will break and need to be updated.
The following existing URLs will need to be changed after this CCADB update.
- CCADB public report links such as those in www.ccadb.org/resources
Old: https://ccadb-public.secure.force.com/ccadb/Report
New: https://ccadb-public.my.salesforce-sites.com/ccadb/Report
- Links to direct pages in the CCADB (e.g. from crt.sh to CCADB)
Old: https://ccadb.force.com/pageID
New: https://ccadb.my.salesforce-sites.com/pageID
- AddUpdateIntermediateCertAPI may change/break
Host url: https://ccadb.my.site.com
Callback url: https://ccadb.my.site.com/callback
- ALV may stop working until we re-setup the integration
We will send a separate message on February 17 announcing the start of the migration and will post a message about the update on the CCADB Home Page. During the migration we ask that you avoid logging into the CCADB or using CCADB public reports.
Kathleen, on behalf of the CCADB Steering Committee
Kathleen Wilson
Feb 17, 2023, 9:58:34 AM2/17/23
to CCADB Public
All,
This work has begun. Please avoid logging into the CCADB or using CCADB public reports until I post another message saying that we have finished the migration.
Thanks,
Kathleen, on behalf of the CCADB Steering Committee
Kathleen Wilson
Feb 17, 2023, 2:22:20 PM2/17/23
to CCADB Public, Kathleen Wilson
All,
The changes are complete. The following URLs have been changed.
1) AddUpdateIntermediateCert API - CAs using this service will need to make following changes. (I will update the API documentation in Github soon.)
Host URL https://ccadb.force.com -> https://ccadb.my.site.com
Callback URL https://ccadb.force.com -> https://ccadb.my.site.com/callback
2) CCADB public report links such as those in www.ccadb.org/resources
Thank you for your patience.
Kathleen, on behalf of the CCADB Steering Committee
The changes are complete. The following URLs have been changed.
1) AddUpdateIntermediateCert API - CAs using this service will need to make following changes. (I will update the API documentation in Github soon.)
Host URL https://ccadb.force.com -> https://ccadb.my.site.com
Callback URL https://ccadb.force.com -> https://ccadb.my.site.com/callback
2) CCADB public report links such as those in www.ccadb.org/resources
-- Currently redirects from old to new.
3) Links to direct pages in the CCADB (e.g. from crt.sh to CCADB)
Old: https://ccadb.force.com/pageID-- Currently redirects from old to new.
– The “Get URLs” button in the CCADB is currently not providing the correct URLs - hope to have it fixed soon.The old URLs for the public reports and the links to direct pages in the
CCADB are currently redirecting to the new URLs. While it is not urgent
to do so, we recommend that you update to the new URLs. We will also do
the same over the next week on ccadb.org and root store websites and
wiki pages.
Thank you for your patience.
Kathleen, on behalf of the CCADB Steering Committee
Rob Stradling
Feb 17, 2023, 3:13:40 PM2/17/23
to Kathleen Wilson, CCADB Public
Hi Kathleen.
I don't see this domain in DNS yet, and neither does https://dnschecker.org/#A/ccadb-public.my.salesforce-sites.com.
Is there a problem? Or is this an expected delay in global propagation of new DNS record(s)?
> 3) Links to direct pages in the CCADB (e.g. from crt.sh to CCADB)
In the pre-announcement, you wrote:
In the completion announcement, you wrote:
Both of these domains currently exist in DNS. Please could you confirm which one I should now use in crt.sh links?
From: Kathleen Wilson <kwi...@mozilla.com>
Sent: 17 February 2023 19:22
To: CCADB Public <pub...@ccadb.org>
Cc: Kathleen Wilson <kwi...@mozilla.com>
Subject: Re: CCADB Update: Changing URLs (breaking change)
Sent: 17 February 2023 19:22
To: CCADB Public <pub...@ccadb.org>
Cc: Kathleen Wilson <kwi...@mozilla.com>
Subject: Re: CCADB Update: Changing URLs (breaking change)
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
--
You received this message because you are subscribed to the Google Groups "CCADB Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public+un...@ccadb.org.
To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/95e4ebea-b8f2-40c6-8df4-6dbb2b5fb95dn%40ccadb.org.
You received this message because you are subscribed to the Google Groups "CCADB Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public+un...@ccadb.org.
To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/95e4ebea-b8f2-40c6-8df4-6dbb2b5fb95dn%40ccadb.org.
Kathleen Wilson
Feb 17, 2023, 4:20:38 PM2/17/23
to CCADB Public, r...@sectigo.com
--
On Friday, February 17, 2023 at 12:13:40 PM UTC-8 r...@sectigo.com wrote:
Hi Kathleen.
I don't see this domain in DNS yet, and neither does https://dnschecker.org/#A/ccadb-public.my.salesforce-sites.com.
Is there a problem? Or is this an expected delay in global propagation of new DNS record(s)?
--
Oh, sorry! I had a typo. For reports It should have been:
Old: https://ccadb-public.secure.force.com/ccadb/AllProblemReportingMechanismsReport
redirects to
New: https://ccadb.my.salesforce-sites.com/ccadb/AllProblemReportingMechanismsReport
--
> 3) Links to direct pages in the CCADB (e.g. from crt.sh to CCADB)
In the pre-announcement, you wrote:
In the completion announcement, you wrote:
Both of these domains currently exist in DNS. Please could you confirm which one I should now use in crt.sh links?
--
The completion announcement was correct for links to pages in the CCADB.
Old: https://ccadb.force.com/001o000000HsforAAB
redirects to
https://ccadb.my.site.com/001o000000HsforAAB
Thanks,
Kathleen
Rob Stradling
Feb 17, 2023, 4:30:19 PM2/17/23
to Kathleen Wilson, CCADB Public
Thanks Kathleen. I'll make the corresponding changes to crt.sh shortly.
When I try to login at https://ccadb.my.site.com/CustomLogin, it tells me that my password is incorrect. I've tried the
https://ccadb.my.site.com/apex/CustomForgotPassword process several times in an effort to sort this out, but it's stuck in a loop - I enter my email address and it sends me an email with a link,
but when I click on that link it takes me back to https://ccadb.my.site.com/CustomForgotPassword and asks me for my email address again.
Is it just me, or is anyone else having the same issues after today's CCADB changes?
From: Kathleen Wilson <kwi...@mozilla.com>
Sent: 17 February 2023 21:20
To: CCADB Public <pub...@ccadb.org>
Cc: Rob Stradling <r...@sectigo.com>
Sent: 17 February 2023 21:20
To: CCADB Public <pub...@ccadb.org>
Cc: Rob Stradling <r...@sectigo.com>
Subject: Re: CCADB Update: Changing URLs (breaking change)
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Kathleen Wilson
Feb 17, 2023, 4:40:15 PM2/17/23
to CCADB Public, r...@sectigo.com
Hi Rob,
Does your office have Microsoft Office365 with Safe Links protection enabled?
The only resolution available for this issue is to whitelist Salesforce domain within Safe links policy.
Previously in ccadb.org -> For CAs -> New User & Password Reset
we had documented that the domains to whitelist are:
https://ccadb.force.com/*https://login.salesforce.com/* OR https://*.salesforce.com
If you already have those domains in the whitelist, then does that mean that now you have to also add ccadb.my.site.com/* ?
Thanks,
Kathleen
Rob Stradling
Feb 17, 2023, 4:45:07 PM2/17/23
to Kathleen Wilson, CCADB Public
> Does your office have Microsoft Office365 with Safe Links protection enabled?
Yes, sadly. Thanks for the tip!
From: Kathleen Wilson <kwi...@mozilla.com>
Sent: 17 February 2023 21:40
Sent: 17 February 2023 21:40
To: CCADB Public <pub...@ccadb.org>
Cc: Rob Stradling <r...@sectigo.com>
Subject: Re: CCADB Update: Changing URLs (breaking change)
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Kathleen Wilson
Feb 17, 2023, 5:05:24 PM2/17/23
to CCADB Public, r...@sectigo.com
So all CCADB users who have Microsoft Office365 with Safe Links protection enabled are going to have to update their whitelist within their Safe links policy to add:
And on ccadb.org -> For CAs -> Login to the CCADB
I'm going to have to update that link from
https://ccadb.force.com/CustomLogin
to
https://ccadb.my.site.com/CustomLogin
Thanks,
Kathleen
On Friday, February 17, 2023 at 1:45:07 PM UTC-8 r...@sectigo.com wrote:
> Does your office have Microsoft Office365 with Safe Links protection enabled?
Yes, sadly. Thanks for the tip!
Kathleen Wilson
Feb 18, 2023, 3:21:05 PM2/18/23
to CCADB Public
The following email has been sent via the CCADB to all CA points-of-contacts who currently have CCADB logins.
--
Dear Certification Authority Operator,
The CCADB has been updated to Salesforce Enhanced Domains, as described here:
https://help.salesforce.com/s/articleView?id=000393816&type=1
This change may impact you as follows.
1) The CA Login page changed from
The CCADB has been updated to Salesforce Enhanced Domains, as described here:
https://help.salesforce.com/s/articleView?id=000393816&type=1
This change may impact you as follows.
1) The CA Login page changed from
We recommend that you use the CCADB website when logging into the CCADB:
ccadb.org -> For CAs -> Login to CCADB
2) CAs who have Microsoft Office365 with Safe Links protection enabled, please have your system administrator update their whitelist within their Safe links policy to add: ccadb.my.site.com/*.
(and remove ccadb.force.com)
reference: https://help.salesforce.com/s/articleView?id=000354234&type=1
3) CAs who use the CCADB API, please update the host and callback URLs.
ccadb.org -> For CAs -> Login to CCADB
2) CAs who have Microsoft Office365 with Safe Links protection enabled, please have your system administrator update their whitelist within their Safe links policy to add: ccadb.my.site.com/*.
(and remove ccadb.force.com)
reference: https://help.salesforce.com/s/articleView?id=000354234&type=1
3) CAs who use the CCADB API, please update the host and callback URLs.
Host URL https://ccadb.force.com -> https://ccadb.my.site.com
Callback URL https://ccadb.force.com -> https://ccadb.my.site.com/callback
reference: https://github.com/mozilla/CCADB-Tools/tree/master/API_AddUpdateIntermediateCert
4) CCADB Public report links have changed. They are currently redirected, but we recommend that you update to the new URLs soon.
Old: https://ccadb-public.secure.force.com/
New: https://ccadb.my.salesforce-sites.com/
5) CA links to pages within the CCADB have also been changed. They are currently redirected, but we recommend that you update to the new URLs soon.
4) CCADB Public report links have changed. They are currently redirected, but we recommend that you update to the new URLs soon.
Old: https://ccadb-public.secure.force.com/
New: https://ccadb.my.salesforce-sites.com/
5) CA links to pages within the CCADB have also been changed. They are currently redirected, but we recommend that you update to the new URLs soon.
Best regards,
CCADB Support
CCADB Support
--
Reply all
Reply to author
Forward
0 new messages