From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 12 Oct 2016 12:24:31 +0000 (+0200)
Subject: LE cert for sso
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=34cff2e3729a4d646271fe85c4b3f0dcd91e3cd1;p=mirror%2Fdsa-puppet.git

LE cert for sso
---

diff --git a/modules/roles/manifests/sso.pp b/modules/roles/manifests/sso.pp
index a755ab686..b7160cd39 100644
--- a/modules/roles/manifests/sso.pp
+++ b/modules/roles/manifests/sso.pp
@@ -1,6 +1,6 @@
 class roles::sso {
 	ssl::service { 'sso.debian.org':
 		notify  => Exec['service apache2 reload'],
-		tlsaport => 0,
+		key => true,
 	}
 }
diff --git a/modules/ssl/files/chains/sso.debian.org.crt b/modules/ssl/files/chains/sso.debian.org.crt
deleted file mode 120000
index 50d224a83..000000000
--- a/modules/ssl/files/chains/sso.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/sso.debian.org.crt b/modules/ssl/files/servicecerts/sso.debian.org.crt
deleted file mode 100644
index f5b5d827d..000000000
--- a/modules/ssl/files/servicecerts/sso.debian.org.crt
+++ /dev/null
@@ -1,118 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            1c:99:e2:87:2e:2d:80:c2:0f:1b:b9:07:5e:e7:d2:71
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Dec 11 00:00:00 2015 GMT
-            Not After : Jan 20 23:59:59 2017 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=sso.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:d0:5e:97:e4:17:d9:42:32:91:b8:e7:33:32:fd:
-                    23:60:e3:95:60:fb:f8:f4:bd:20:47:81:65:18:95:
-                    d6:42:98:b8:ba:3f:2d:be:ab:b9:df:fb:91:51:fc:
-                    50:67:7a:a8:00:f9:97:bc:6e:d4:0d:36:05:12:b6:
-                    54:48:f1:14:71:54:9d:92:71:27:7b:ad:2f:70:4e:
-                    44:0a:e3:96:7f:60:b8:78:90:d7:9c:15:48:c5:ce:
-                    ce:8c:49:3d:9c:f9:8b:5c:3f:47:74:a7:3d:14:4b:
-                    c9:7f:ca:f5:be:17:1c:c5:f7:63:a1:5c:47:b8:d6:
-                    04:1b:dc:e8:55:f5:ce:7c:f7:9f:40:b5:4c:be:f9:
-                    a3:a7:c7:01:7d:b4:b2:20:c6:f1:5a:bc:98:04:2b:
-                    07:bf:37:20:0f:c7:7d:26:5f:7b:38:1f:f0:fd:b0:
-                    4d:00:5d:4d:4b:c0:03:1e:a2:4b:bb:db:fa:de:35:
-                    68:7c:c8:7f:4b:6a:5a:0e:1b:bf:23:ac:eb:f4:60:
-                    35:27:04:f7:97:3d:e5:c0:e5:c3:1a:d8:c5:47:8d:
-                    2b:df:5f:f0:e7:9b:53:9f:8a:2f:3f:a7:74:9d:4b:
-                    06:14:4d:d8:c7:e0:81:a8:4f:40:3a:78:fe:6e:3b:
-                    3a:a3:dd:23:48:fe:c8:87:9f:eb:a5:12:79:e9:b2:
-                    a7:a9:4f:63:37:44:7f:1a:90:55:38:02:eb:85:1e:
-                    2e:c7:a7:f9:02:a7:c7:7f:40:fd:72:bc:b3:79:50:
-                    39:0f:03:a6:5c:9a:d2:1a:3d:1d:56:80:61:54:9e:
-                    c9:a3:f9:9e:cb:49:d1:0e:f2:31:21:a9:79:0a:24:
-                    63:e7:6e:69:31:a6:6a:5f:1c:7c:77:67:e5:69:a1:
-                    d9:3f:65:9f:8f:66:9f:54:8a:e4:1c:1b:6e:01:aa:
-                    8c:e1:74:31:4d:90:92:67:ff:0e:1a:32:18:05:0c:
-                    8c:2a:92:f5:44:0f:a6:72:2c:6d:2f:ec:8d:77:ca:
-                    43:40:ce:75:2f:ab:76:43:cc:89
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                5B:38:D5:BA:26:5F:C3:DE:B2:10:57:54:E7:B0:4F:1C:39:FD:12:9B
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:sso.debian.org, DNS:www.sso.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         29:22:24:5f:6f:c6:c1:ee:ca:c1:7a:67:04:11:bf:e4:20:22:
-         e1:4c:b7:5d:eb:ee:20:4c:19:7e:d8:58:8b:18:7f:f4:d1:66:
-         89:6a:c5:f4:88:00:8b:26:35:78:56:18:8a:0d:4d:3b:d5:8f:
-         b6:11:ee:ec:64:ea:44:ae:e1:82:c5:d0:c5:f2:c1:4a:9f:5b:
-         9a:27:94:43:2d:3c:51:43:ea:db:a9:60:50:e9:d9:28:b3:9e:
-         74:72:56:ae:46:dd:86:1a:47:88:4b:a0:81:d9:e4:ee:59:cf:
-         ee:aa:6e:d1:69:30:34:9e:92:41:7a:10:dd:b9:9d:7b:c5:f4:
-         89:01:f8:84:6b:75:9f:5a:31:9d:99:a3:35:6e:dd:17:66:e9:
-         4c:d3:24:99:21:72:25:a2:08:43:f8:87:92:26:70:8d:3a:b5:
-         6c:d5:c8:72:8d:0e:38:83:47:13:bf:0e:3c:26:00:0b:c0:4c:
-         34:9d:58:0c:c0:63:59:1e:66:f7:9c:bc:9f:7d:69:1b:5f:70:
-         2a:77:1b:0e:e4:7d:bc:d6:91:d0:84:be:06:6b:62:2d:e7:b1:
-         e0:98:e9:56:0d:17:6d:0f:33:f8:de:ef:2e:c3:1a:ad:69:8b:
-         0f:ac:d6:75:df:89:c8:c7:7b:d8:5e:79:a6:69:c7:a3:61:e9:
-         5b:fa:8a:98
------BEGIN CERTIFICATE-----
-MIIFeTCCBGGgAwIBAgIQHJnihy4tgMIPG7kHXufScTANBgkqhkiG9w0BAQsFADBf
-MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w
-DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw
-HhcNMTUxMjExMDAwMDAwWhcNMTcwMTIwMjM1OTU5WjBZMSEwHwYDVQQLExhEb21h
-aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT
-TDEXMBUGA1UEAxMOc3NvLmRlYmlhbi5vcmcwggGiMA0GCSqGSIb3DQEBAQUAA4IB
-jwAwggGKAoIBgQDQXpfkF9lCMpG45zMy/SNg45Vg+/j0vSBHgWUYldZCmLi6Py2+
-q7nf+5FR/FBneqgA+Ze8btQNNgUStlRI8RRxVJ2ScSd7rS9wTkQK45Z/YLh4kNec
-FUjFzs6MST2c+YtcP0d0pz0US8l/yvW+FxzF92OhXEe41gQb3OhV9c58959AtUy+
-+aOnxwF9tLIgxvFavJgEKwe/NyAPx30mX3s4H/D9sE0AXU1LwAMeoku72/reNWh8
-yH9LaloOG78jrOv0YDUnBPeXPeXA5cMa2MVHjSvfX/Dnm1Ofii8/p3SdSwYUTdjH
-4IGoT0A6eP5uOzqj3SNI/siHn+ulEnnpsqepT2M3RH8akFU4AuuFHi7Hp/kCp8d/
-QP1yvLN5UDkPA6ZcmtIaPR1WgGFUnsmj+Z7LSdEO8jEhqXkKJGPnbmkxpmpfHHx3
-Z+Vpodk/ZZ+PZp9UiuQcG24BqozhdDFNkJJn/w4aMhgFDIwqkvVED6ZyLG0v7I13
-ykNAznUvq3ZDzIkCAwEAAaOCAbUwggGxMB8GA1UdIwQYMBaAFLOQp9jJr07NYTyf
-fK1df0H9aTDqMB0GA1UdDgQWBBRbONW6Jl/D3rIQV1TnsE8cOf0SmzAOBgNVHQ8B
-Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
-BQUHAwIwSwYDVR0gBEQwQjA2BgsrBgEEAbIxAQICGjAnMCUGCCsGAQUFBwIBFhlo
-dHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECATBBBgNVHR8EOjA4MDag
-NKAyhjBodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENB
-Mi5jcmwwcwYIKwYBBQUHAQEEZzBlMDwGCCsGAQUFBzAChjBodHRwOi8vY3J0LnVz
-ZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENBMi5jcnQwJQYIKwYBBQUHMAGG
-GWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wLQYDVR0RBCYwJIIOc3NvLmRlYmlh
-bi5vcmeCEnd3dy5zc28uZGViaWFuLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAKSIk
-X2/Gwe7KwXpnBBG/5CAi4Uy3XevuIEwZfthYixh/9NFmiWrF9IgAiyY1eFYYig1N
-O9WPthHu7GTqRK7hgsXQxfLBSp9bmieUQy08UUPq26lgUOnZKLOedHJWrkbdhhpH
-iEuggdnk7lnP7qpu0WkwNJ6SQXoQ3bmde8X0iQH4hGt1n1oxnZmjNW7dF2bpTNMk
-mSFyJaIIQ/iHkiZwjTq1bNXIco0OOINHE78OPCYAC8BMNJ1YDMBjWR5m95y8n31p
-G19wKncbDuR9vNaR0IS+BmtiLeex4JjpVg0XbQ8z+N7vLsMarWmLD6zWdd+JyMd7
-2F55pmnHo2HpW/qKmA==
------END CERTIFICATE-----