From: Julien Cristau
Date: Fri, 3 Jun 2016 12:30:37 +0000 (+0200)
Subject: Use LE certs for tracker and packages.qa
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=4c99b2af37a0c04d398b40ff9c5978476aced68b;p=mirror%2Fdsa-puppet.git
Use LE certs for tracker and packages.qa
Signed-off-by: Julien Cristau
---
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index db9db67a7..b1bdc4d66 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -262,7 +262,7 @@ class roles {
 if has_role('packagesqamaster') {
 ssl::service { 'packages.qa.debian.org':
 notify => Service['apache2'],
- tlsaport => [],
+ key => true,
 }
 }
diff --git a/modules/roles/manifests/tracker.pp b/modules/roles/manifests/tracker.pp
index 749eb86b3..23d95d506 100644
--- a/modules/roles/manifests/tracker.pp
+++ b/modules/roles/manifests/tracker.pp
@@ -1,6 +1,6 @@
 class roles::tracker {
 ssl::service { 'tracker.debian.org':
 notify => Service['apache2'],
- tlsaport => [],
+ key => true,
 }
 }
diff --git a/modules/ssl/files/chains/packages.qa.debian.org.crt b/modules/ssl/files/chains/packages.qa.debian.org.crt
deleted file mode 120000
index 50d224a83..000000000
--- a/modules/ssl/files/chains/packages.qa.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file
diff --git a/modules/ssl/files/chains/tracker.debian.org.crt b/modules/ssl/files/chains/tracker.debian.org.crt
deleted file mode 120000
index 50d224a83..000000000
--- a/modules/ssl/files/chains/tracker.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/packages.qa.debian.org.crt b/modules/ssl/files/servicecerts/packages.qa.debian.org.crt
deleted file mode 100644
index 8a6de8987..000000000
--- a/modules/ssl/files/servicecerts/packages.qa.debian.org.crt
+++ /dev/null
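Review bot: Dropping `tlsaport => []` from the `ssl::service { 'packages.qa.debian.org': }` resource in init.pp, and identically from `tracker.debian.org` in tracker.pp, is not explained in the commit message, and the definition of `ssl::service` is outside this diff, so it is not visible which default now applies. If that default publishes TLSA records for the service, they will have to follow every Let's Encrypt renewal, which happens far more often than with the roughly one-year Gandi certificates deleted here; it is worth confirming that the DNS side regenerates them from the deployed certificate. `key => true` presumably has the module deploy the service's private key as well, so a short comment on both resources, for example `# Let's Encrypt cert; tlsaport left at the ssl::service default on purpose`, would record the intent. The enclosing `class roles` starts and ends outside the init.pp hunk.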
@@ -1,118 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - d6:f4:0b:9a:d4:5f:ae:35:d3:c2:d1:c2:38:f6:79:61 - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 - Validity - Not Before: Jun 20 00:00:00 2015 GMT - Not After : Jul 2 23:59:59 2016 GMT - Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=packages.qa.debian.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (3072 bit) - Modulus: - 00:c5:5d:52:0c:04:8a:da:98:d3:75:d6:e7:b4:f6: - 7c:5c:b8:cc:10:3a:24:db:97:df:1b:fe:8a:ad:80: - 60:7c:a0:ab:60:ca:9b:0b:8e:5e:f8:8a:45:89:eb: - d8:e7:f1:0f:37:69:bc:7d:28:98:0a:96:06:e8:be: - 76:20:bc:ea:0c:17:43:d2:24:2f:76:12:91:39:45: - 87:67:94:d8:44:54:ff:aa:93:26:e6:40:8c:53:7a: - 0a:30:9e:aa:c2:41:de:b9:24:11:c2:1b:92:df:ef: - d0:c6:33:41:8f:09:42:d6:2b:09:ed:59:8d:b5:d3: - 25:f4:4a:40:64:d4:3f:cb:ea:e4:cc:0e:07:fc:a3: - 3c:96:40:7c:2c:78:8b:57:2d:db:ca:61:64:19:c8: - 7d:84:a1:be:09:ed:74:ca:4c:92:aa:44:4f:83:15: - af:3a:c6:68:f5:ed:44:d8:57:65:62:9d:e4:dd:43: - 69:9f:60:0f:11:7d:eb:3d:41:c4:9d:c7:0c:57:c1: - 54:19:fa:77:fb:a7:50:31:55:a5:3a:0e:3b:3d:4e: - e6:1b:c6:63:52:fc:bd:9c:a0:64:33:a7:95:1d:3b: - 91:c0:18:b6:11:aa:1c:82:82:7f:30:c6:a4:3f:e4: - 9d:a0:f6:6a:45:6c:87:99:d5:54:26:e9:31:71:2d: - 39:75:53:3e:f1:83:f6:20:3a:cc:e7:7a:a6:da:2f: - 9e:7b:8e:ba:b9:51:8f:e3:e4:73:1a:e2:06:e6:e1: - b4:35:dc:93:75:70:58:99:d7:ba:15:b2:a5:0f:83: - 0c:76:f0:ef:b7:12:f9:0e:a9:bf:bf:7e:19:95:1a: - 18:62:97:50:77:c4:b2:3e:31:29:a9:c0:67:95:a8: - 29:f7:87:a4:20:f7:34:c3:0d:d9:c3:e5:56:6d:d2: - 0d:cc:5b:62:8e:e2:ec:80:76:20:af:a0:b5:3d:6a: - 08:62:21:14:2a:06:d5:9d:3c:95:90:1d:31:83:8e: - b4:21:c5:17:eb:56:58:8b:3d:83 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA - - X509v3 Subject Key Identifier: - 
82:3E:DF:28:FD:38:4F:4B:08:58:31:28:9C:17:DF:01:FA:99:B8:D4 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Certificate Policies: - Policy: 1.3.6.1.4.1.6449.1.2.2.26 - CPS: https://cps.usertrust.com - Policy: 2.23.140.1.2.1 - - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl - - Authority Information Access: - CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt - OCSP - URI:http://ocsp.usertrust.com - - X509v3 Subject Alternative Name: - DNS:packages.qa.debian.org, DNS:www.packages.qa.debian.org - Signature Algorithm: sha256WithRSAEncryption - 7f:8f:da:55:d2:dc:63:a5:90:d6:60:e2:2e:22:ff:f7:eb:4e: - be:5b:f1:4f:0c:8f:28:9d:cf:5e:be:25:5c:80:20:52:13:5e: - 6d:fd:a9:35:89:94:11:af:69:f4:49:5d:f1:ac:6c:23:1c:81: - a4:8f:b2:75:11:c2:7d:e5:6b:2c:ed:04:be:4c:fb:c8:a5:f5: - eb:f1:9d:b2:86:8b:55:ff:69:68:a1:5b:c1:92:28:3a:01:33: - ef:5f:f8:a9:1d:71:6b:b1:d0:28:53:a9:48:86:fc:12:1b:80: - 92:5f:b7:10:e8:22:4c:2f:d0:4d:a3:42:d3:4f:32:96:df:5d: - d5:79:db:7d:a6:36:96:9c:f6:f3:ef:49:6a:99:50:50:af:a8: - 16:52:bd:6a:52:82:c8:ab:43:fb:69:ac:4d:e9:73:68:5c:3c: - 75:3c:61:65:70:82:18:a6:29:67:db:02:2b:79:4b:f9:e4:d4: - 1b:c0:c7:33:f5:a6:57:5d:59:77:e1:d2:56:fe:bb:11:ee:f6: - c2:13:7b:97:bb:be:6a:0a:04:e9:63:ef:51:7c:f1:8b:ed:dd: - 4b:6b:d3:3d:70:10:37:b8:59:ad:84:68:dc:97:f3:84:6a:52: - b0:9b:31:7f:45:c3:14:a3:08:54:16:f1:45:83:e6:45:d0:81: - c5:1a:06:17 ------BEGIN CERTIFICATE----- -MIIFkjCCBHqgAwIBAgIRANb0C5rUX64108LRwjj2eWEwDQYJKoZIhvcNAQELBQAw -XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO -MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy -MB4XDTE1MDYyMDAwMDAwMFoXDTE2MDcwMjIzNTk1OVowYTEhMB8GA1UECxMYRG9t -YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT 
-U0wxHzAdBgNVBAMTFnBhY2thZ2VzLnFhLmRlYmlhbi5vcmcwggGiMA0GCSqGSIb3 -DQEBAQUAA4IBjwAwggGKAoIBgQDFXVIMBIramNN11ue09nxcuMwQOiTbl98b/oqt -gGB8oKtgypsLjl74ikWJ69jn8Q83abx9KJgKlgbovnYgvOoMF0PSJC92EpE5RYdn -lNhEVP+qkybmQIxTegownqrCQd65JBHCG5Lf79DGM0GPCULWKwntWY210yX0SkBk -1D/L6uTMDgf8ozyWQHwseItXLdvKYWQZyH2Eob4J7XTKTJKqRE+DFa86xmj17UTY -V2VineTdQ2mfYA8Rfes9QcSdxwxXwVQZ+nf7p1AxVaU6Djs9TuYbxmNS/L2coGQz -p5UdO5HAGLYRqhyCgn8wxqQ/5J2g9mpFbIeZ1VQm6TFxLTl1Uz7xg/YgOszneqba -L557jrq5UY/j5HMa4gbm4bQ13JN1cFiZ17oVsqUPgwx28O+3EvkOqb+/fhmVGhhi -l1B3xLI+MSmpwGeVqCn3h6Qg9zTDDdnD5VZt0g3MW2KO4uyAdiCvoLU9aghiIRQq -BtWdPJWQHTGDjrQhxRfrVliLPYMCAwEAAaOCAcUwggHBMB8GA1UdIwQYMBaAFLOQ -p9jJr07NYTyffK1df0H9aTDqMB0GA1UdDgQWBBSCPt8o/ThPSwhYMSicF98B+pm4 -1DAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEF -BQcDAQYIKwYBBQUHAwIwSwYDVR0gBEQwQjA2BgsrBgEEAbIxAQICGjAnMCUGCCsG -AQUFBwIBFhlodHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECATBBBgNV -HR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFu -ZGFyZFNTTENBMi5jcmwwcwYIKwYBBQUHAQEEZzBlMDwGCCsGAQUFBzAChjBodHRw -Oi8vY3J0LnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENBMi5jcnQwJQYI -KwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wPQYDVR0RBDYwNIIW -cGFja2FnZXMucWEuZGViaWFuLm9yZ4Iad3d3LnBhY2thZ2VzLnFhLmRlYmlhbi5v -cmcwDQYJKoZIhvcNAQELBQADggEBAH+P2lXS3GOlkNZg4i4i//frTr5b8U8Mjyid -z16+JVyAIFITXm39qTWJlBGvafRJXfGsbCMcgaSPsnURwn3layztBL5M+8il9evx -nbKGi1X/aWihW8GSKDoBM+9f+KkdcWux0ChTqUiG/BIbgJJftxDoIkwv0E2jQtNP -MpbfXdV5232mNpac9vPvSWqZUFCvqBZSvWpSgsirQ/tprE3pc2hcPHU8YWVwghim -KWfbAit5S/nk1BvAxzP1plddWXfh0lb+uxHu9sITe5e7vmoKBOlj71F88Yvt3Utr -0z1wEDe4Wa2EaNyX84RqUrCbMX9FwxSjCFQW8UWD5kXQgcUaBhc= ------END CERTIFICATE----- diff --git a/modules/ssl/files/servicecerts/tracker.debian.org.crt b/modules/ssl/files/servicecerts/tracker.debian.org.crt deleted file mode 100644 index 4d6e19288..000000000 --- a/modules/ssl/files/servicecerts/tracker.debian.org.crt +++ /dev/null 
@@ -1,107 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 44:db:31:b8:fa:4b:3d:3f:09:aa:20:bd:f5:1d:c7:ab - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 - Validity - Not Before: Jun 20 00:00:00 2015 GMT - Not After : Jun 27 23:59:59 2016 GMT - Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=tracker.debian.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:bc:a7:26:cb:d9:5b:5a:59:13:87:42:a0:1f:aa: - cb:97:a7:b1:41:ca:1a:e0:88:2f:9b:55:21:79:c1: - 9f:db:93:28:f1:2a:a2:15:c4:73:d8:aa:79:a7:73: - 75:7e:34:8b:09:83:13:6a:de:2b:21:71:a4:ba:bd: - f9:0f:fe:72:f2:5c:08:45:64:a7:0e:dc:a4:c7:f8: - 0c:d4:6c:b3:be:40:7e:e8:11:61:aa:e2:31:b4:c8: - 62:e6:c1:e3:53:83:fb:b7:3f:ea:8b:dc:2b:26:37: - 85:a9:00:87:7b:d3:b7:6d:ee:92:9d:c8:2c:30:a2: - d4:5a:c0:48:0e:4f:5d:f0:90:00:78:94:b2:e5:a1: - df:32:9c:ed:f2:08:89:af:f6:30:4a:85:e2:c3:83: - c9:ae:3d:5c:e4:46:14:ae:01:ef:7f:f8:7d:be:33: - 2d:2b:a9:c4:f7:25:1a:86:bb:77:03:7c:39:51:77: - b6:6c:33:c3:e7:b0:69:ad:09:d6:32:e1:97:c2:01: - 58:4b:9d:21:4b:50:25:f8:79:ef:1f:b0:40:11:1d: - 10:5a:19:f7:44:3d:24:7b:f2:27:8a:12:74:88:cf: - 53:df:82:d7:97:37:6d:51:51:7f:8f:4b:40:29:2e: - d3:4e:9d:6a:06:28:2d:7e:0b:86:56:53:fb:61:4b: - 91:71 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA - - X509v3 Subject Key Identifier: - BA:25:20:3A:D9:13:AE:CE:FB:E6:31:E9:74:AD:58:6F:7E:86:2F:D7 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Certificate Policies: - Policy: 1.3.6.1.4.1.6449.1.2.2.26 - CPS: https://cps.usertrust.com - Policy: 2.23.140.1.2.1 - - X509v3 CRL Distribution Points: - - Full Name: - 
URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl - - Authority Information Access: - CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt - OCSP - URI:http://ocsp.usertrust.com - - X509v3 Subject Alternative Name: - DNS:tracker.debian.org, DNS:www.tracker.debian.org - Signature Algorithm: sha256WithRSAEncryption - 5b:10:bb:97:97:03:5e:7f:e0:c6:00:e0:be:0f:48:fb:7f:d9: - d7:59:0f:4d:5c:ab:0d:7d:3f:7c:5c:11:4b:4a:20:4f:cf:c5: - bf:34:64:90:0d:78:8e:0a:26:7a:0d:04:3e:94:69:dc:01:37: - a5:7c:3f:94:b3:76:cd:46:fb:b2:4d:55:b3:ed:51:cb:03:58: - a8:e5:fe:59:d7:a9:24:c6:56:a8:27:e8:01:88:1c:4c:60:b1: - c3:e8:26:0d:9f:c3:e2:6e:a5:e6:23:03:3d:a5:6a:70:c8:cd: - 50:3b:75:ec:f1:5b:bf:86:69:b7:f9:56:9b:76:ae:10:89:a0: - 37:17:72:b7:34:b2:16:40:e4:90:91:f0:bc:8b:92:af:1f:69: - f3:85:fe:8a:f6:f7:d1:50:9b:ab:f6:31:6c:e8:cd:23:4c:68: - 51:5e:d2:52:44:84:a4:fa:6b:30:83:c3:ae:d0:33:09:73:80: - c8:b7:f0:ce:21:2f:ee:ad:ad:56:85:34:b6:d2:1c:35:76:67: - 83:a8:37:9d:13:43:d1:84:8b:c1:15:8a:c2:5b:f3:65:5f:2e: - 00:88:da:7f:6e:2d:04:c1:11:58:02:2c:25:70:c4:19:2a:fb: - 69:5f:00:c0:93:4a:89:16:00:e6:06:c5:60:42:bf:6a:f8:b9: - aa:c5:78:c3 ------BEGIN CERTIFICATE----- -MIIFBTCCA+2gAwIBAgIQRNsxuPpLPT8JqiC99R3HqzANBgkqhkiG9w0BAQsFADBf -MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w -DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw -HhcNMTUwNjIwMDAwMDAwWhcNMTYwNjI3MjM1OTU5WjBdMSEwHwYDVQQLExhEb21h -aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT -TDEbMBkGA1UEAxMSdHJhY2tlci5kZWJpYW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAvKcmy9lbWlkTh0KgH6rLl6exQcoa4Igvm1UhecGf25Mo -8SqiFcRz2Kp5p3N1fjSLCYMTat4rIXGkur35D/5y8lwIRWSnDtykx/gM1GyzvkB+ -6BFhquIxtMhi5sHjU4P7tz/qi9wrJjeFqQCHe9O3be6SncgsMKLUWsBIDk9d8JAA -eJSy5aHfMpzt8giJr/YwSoXiw4PJrj1c5EYUrgHvf/h9vjMtK6nE9yUahrt3A3w5 -UXe2bDPD57BprQnWMuGXwgFYS50hS1Al+HnvH7BAER0QWhn3RD0ke/InihJ0iM9T -34LXlzdtUVF/j0tAKS7TTp1qBigtfguGVlP7YUuRcQIDAQABo4IBvTCCAbkwHwYD 
-VR0jBBgwFoAUs5Cn2MmvTs1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFLolIDrZE67O -++Yx6XStWG9+hi/XMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud -JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEB -AgIaMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYG -Z4EMAQIBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNv -bS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYB -BQUHMAKGMGh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NM -Q0EyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTA1 -BgNVHREELjAsghJ0cmFja2VyLmRlYmlhbi5vcmeCFnd3dy50cmFja2VyLmRlYmlh -bi5vcmcwDQYJKoZIhvcNAQELBQADggEBAFsQu5eXA15/4MYA4L4PSPt/2ddZD01c -qw19P3xcEUtKIE/Pxb80ZJANeI4KJnoNBD6UadwBN6V8P5Szds1G+7JNVbPtUcsD -WKjl/lnXqSTGVqgn6AGIHExgscPoJg2fw+JupeYjAz2lanDIzVA7dezxW7+Gabf5 -Vpt2rhCJoDcXcrc0shZA5JCR8LyLkq8fafOF/or299FQm6v2MWzozSNMaFFe0lJE -hKT6azCDw67QMwlzgMi38M4hL+6trVaFNLbSHDV2Z4OoN50TQ9GEi8EVisJb82Vf -LgCI2n9uLQTBEVgCLCVwxBkq+2lfAMCTSokWAOYGxWBCv2r4uarFeMM= ------END CERTIFICATE-----