15 file { '/etc/ssl/servicecerts':
21 source => 'puppet:///modules/ssl/servicecerts/',
22 notify => Exec['make_new_service_links']
25 file { '/etc/ssl/debian':
31 source => 'puppet:///files/empty/'
33 file { '/etc/ssl/debian/certs':
37 file { '/etc/ssl/debian/crls':
41 file { '/etc/ssl/debian/keys':
45 require => Package['ssl-cert'],
47 file { '/etc/ssl/debian/certs/thishost.crt':
48 source => "puppet:///modules/ssl/clientcerts/${::fqdn}.client.crt",
49 notify => Exec['c_rehash /etc/ssl/debian/certs'],
51 file { '/etc/ssl/debian/keys/thishost.key':
52 source => "puppet:///modules/ssl/clientcerts/${::fqdn}.key",
55 require => Package['ssl-cert'],
57 file { '/etc/ssl/debian/certs/ca.crt':
58 source => 'puppet:///modules/ssl/clientcerts/ca.crt',
59 notify => Exec['c_rehash /etc/ssl/debian/certs'],
61 file { '/etc/ssl/debian/crls/ca.crl':
62 source => 'puppet:///modules/ssl/clientcerts/ca.crl',
65 file { '/etc/ssl/debian/certs/thishost-server.crt':
66 source => "puppet:///modules/exim/certs/${::fqdn}.crt",
67 notify => Exec['c_rehash /etc/ssl/debian/certs'],
69 file { '/etc/ssl/debian/keys/thishost-server.key':
70 source => "puppet:///modules/exim/certs/${::fqdn}.key",
73 require => Package['ssl-cert'],
76 exec { 'make_new_service_links':
77 command => 'cp -f --symbolic-link ../servicecerts/* .',
78 cwd => '/etc/ssl/certs',
80 notify => Exec['cleanup_dead_links']
83 exec { 'cleanup_dead_links':
84 command => 'find -L /etc/ssl/certs -mindepth 1 -maxdepth 1 -type l -delete',
86 notify => Exec['c_rehash /etc/ssl/certs']
89 exec { 'c_rehash /etc/ssl/certs':
93 exec { 'c_rehash /etc/ssl/debian/certs':
97 exec { 'modify_ca_certificates_conf':
98 command => 'sed -i -e \'s#!mozilla/UTN_USERFirst_Hardware_Root_CA.crt#mozilla/UTN_USERFirst_Hardware_Root_CA.crt#\' /etc/ca-certificates.conf',
99 cwd => '/etc/ssl/certs',
100 onlyif => 'grep -Fqx \'!mozilla/UTN_USERFirst_Hardware_Root_CA.crt\' /etc/ca-certificates.conf',
101 notify => Exec['update_ca_certificates']
103 exec { 'update_ca_certificates':
104 command => '/usr/sbin/update-ca-certificates',
105 cwd => '/etc/ssl/certs',