We still have some debian.org certs signed by SPI and USERFirst

author Paul Wise <pabs@debian.org>

Wed, 7 Jan 2015 06:43:04 +0000 (14:43 +0800)

committer Paul Wise <pabs@debian.org>

Wed, 7 Jan 2015 06:43:04 +0000 (14:43 +0800)
author Paul Wise <pabs@debian.org>
Wed, 7 Jan 2015 06:43:04 +0000 (14:43 +0800)
committer Paul Wise <pabs@debian.org>
Wed, 7 Jan 2015 06:43:04 +0000 (14:43 +0800)
diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp

index 7c9ffd6..0ae64aa 100644 (file)
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -17,7 +17,7 @@ class ssl {
         }
         file { '/etc/ca-certificates-debian.conf':
                 mode    => '0444',
-               content => "# This file is under puppet control\n# Only the CAs for debian.org are trusted, see /etc/ssl/ca-debian/README\nmozilla/AddTrust_External_Root.crt\n",
+               content => "# This file is under puppet control\n# Only the CAs for debian.org are trusted, see /etc/ssl/ca-debian/README\nmozilla/AddTrust_External_Root.crt\nmozilla/UTN_USERFirst_Hardware_Root_CA.crt\nspi-inc.org/spi-cacert-2008.crt\n",
                 notify  => Exec['refresh_ca_debian_hashes'],
         }
         file { '/etc/ca-certificates-global.conf':
author	Paul Wise <pabs@debian.org>
	Wed, 7 Jan 2015 06:43:04 +0000 (14:43 +0800)
committer	Paul Wise <pabs@debian.org>
	Wed, 7 Jan 2015 06:43:04 +0000 (14:43 +0800)