+++ /dev/null
-# This file is under puppet control
-# Only the CAs for debian.org are trusted, see /etc/ssl/ca-debian/README
-
-# Let's Encrypt: used by almost all Debian machines
-# Use the DST root as the ISRG one is not in wheezy yet
-#mozilla/ISRG_Root_X1.crt
-mozilla/DST_Root_CA_X3.crt
-
-# Gandi: used by *.alioth.d.o only
-mozilla/UTN_USERFirst_Hardware_Root_CA.crt
# This file is under puppet control
# Only the CAs for debian.org are trusted, see /etc/ssl/ca-debian/README
-
-# Let's Encrypt: used by almost all Debian machines
-mozilla/ISRG_Root_X1.crt
-
-# Gandi: used by *.alioth.d.o only
+mozilla/AddTrust_External_Root.crt
mozilla/UTN_USERFirst_Hardware_Root_CA.crt
+mozilla/DST_Root_CA_X3.crt
source => 'puppet:///modules/ssl/ca-certificates.conf',
notify => Exec['refresh_normal_hashes'],
}
- if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
- $ca_debian_conf_suffix = ''
- } else {
- $ca_debian_conf_suffix = '-wheezy'
- }
file { '/etc/ca-certificates-debian.conf':
mode => '0444',
- source => "puppet:///modules/ssl/ca-certificates-debian${ca_debian_conf_suffix}.conf",
+ source => 'puppet:///modules/ssl/ca-certificates-debian.conf',
notify => Exec['refresh_ca_debian_hashes'],
}
file { '/etc/ca-certificates-global.conf':
projects / mirror / dsa-puppet.git / commitdiff