Wintellect Blogs

A Tale of Two Certies

26 Aug , 2014  

For the past several months, Wintellect has been re-architecting the http://WintellectNOW.com website. We built a new storage model that separates users from accounts. This allows us to accommodate our corporate and enterprise customers better. For example, with the new system, an account can have multiple administrators allowing multiple people within a company to control who can and can’t watch videos. We’ve also been working on a much improved user experience so watching and learning from all our videos is much cleaner and faster. We haven’t launched these improvements publicly yet; but hope to in the next few months.

However, on August 23rd 2014, we did launch the new site internally for testing. Since we require SSL across the whole site, we needed a certificate and since the site will ultimately be deployed at http://WintellectNOW.com, we decided we’d use that certificate. WintellectNOW runs as a Microsoft Azure Cloud Service and so we went to our certificate authority’s website and re-keyed our WintellectNOW SSL certificate and uploaded it to our testing site: so far, so good.

A few days later, some customers contacted us telling us that the public WintellectNOW website was unreachable. Their browsers were reporting to us that there was something wrong with our certificate. Once we got the reports, we tried accessing the site from several devices. All mobile phones could access the site perfectly while browsers running on desktop computers reported certificate errors. Some of those browsers, such as Internet Explorer, refused access to the site, but others, like Safari, let us continue to the site after reporting the certificate error. Even more interesting is that some browsers just said there was a problem with the certificate. The failure inconsistencies and the fact that we didn’t touch the public-facing site made the whole thing quite puzzling.

It took us about 30 minutes (with some more experimentation) to reason it out. Our certificate authority revokes a certificate when you re-key it. Apparently, not all certificate authorities do this but ours does. And, not all browsers honor this, but some do. I would have expected a “NOTE: Re-keying a certificate revokes your current certificate.” in big bold red letters to be on the CA’s webpage where you do the re-keying but no such text is there. Now that we knew what was wrong, it was really easy to fix it: we uploaded the new certificate to the public WintellectNOW website and then uploaded a new Azure Service Configuration (.cscfg) file to our role instances and the site was back again working for everyone within 5 minutes.

While this was a fire-drill that had several Wintellectuals working on the problem, it was a great lesson to learn (which is why I wanted to share it with this blog post). And, it was also reassuring to see how well we handled an unexpected problem as a team and how quickly we were able to resolve the issues for the customers who were experiencing problems.

We are very excited about the WintellectNOW website as is stands today and about our plans for its future. If you’d like to explore our deep, rich technical contact for two weeks free, register using this link: https://www.wintellectnow.com/Account/Promo/JeffreyR-2013.

On a side note: We license and optionally manage the WintellectNOW website to other companies who use it as their own video delivery platform. The architectural changes we’ve been making to the site helps these companies too. Please contact Wintellect if you’d like to use the WintellectNOW website for you own company’s video delivery system.

image