From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 12 Oct 2016 12:28:03 +0000 (+0200)
Subject: LE cert for security-tracker
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=5f0c6902cf186f3e5a607d1885800dfee266eff3;p=mirror%2Fdsa-puppet.git

LE cert for security-tracker
---

diff --git a/modules/roles/manifests/security_tracker.pp b/modules/roles/manifests/security_tracker.pp
index d0741109b..4c7ee44e7 100644
--- a/modules/roles/manifests/security_tracker.pp
+++ b/modules/roles/manifests/security_tracker.pp
@@ -1,6 +1,6 @@
 class roles::security_tracker {
 	ssl::service { 'security-tracker.debian.org':
 		notify  => Exec['service apache2 reload'],
-		tlsaport => 0,
+		key => true,
 	}
 }
diff --git a/modules/ssl/files/chains/security-tracker.debian.org.crt b/modules/ssl/files/chains/security-tracker.debian.org.crt
deleted file mode 120000
index 50d224a83..000000000
--- a/modules/ssl/files/chains/security-tracker.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/security-tracker.debian.org.crt b/modules/ssl/files/servicecerts/security-tracker.debian.org.crt
deleted file mode 100644
index f2a98149b..000000000
--- a/modules/ssl/files/servicecerts/security-tracker.debian.org.crt
+++ /dev/null
@@ -1,119 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            15:7e:17:02:3c:7f:e0:48:09:cb:d7:96:ec:08:96:b5
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Dec 11 00:00:00 2015 GMT
-            Not After : Jan 20 23:59:59 2017 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=security-tracker.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:cf:fd:ef:f2:c5:2a:7a:da:d2:07:2c:21:c9:89:
-                    e4:21:0e:f6:c8:72:b2:15:90:fe:5c:d9:b7:1a:5b:
-                    83:f4:84:e7:a3:d6:95:cf:c5:d1:57:dd:a9:ac:67:
-                    23:27:c8:a6:1a:73:20:f4:c9:a2:23:67:50:e7:df:
-                    49:20:3f:01:3d:2c:3a:95:50:a3:98:80:e8:c5:81:
-                    54:de:74:e9:99:24:0a:33:63:e2:5f:13:16:63:27:
-                    45:bc:e8:2a:5a:2e:40:d2:85:99:dd:54:ff:07:53:
-                    90:f6:02:83:e1:5d:23:79:14:1c:14:7f:64:09:be:
-                    92:66:8c:7f:4c:3d:a9:c6:57:b9:70:a0:83:b3:e8:
-                    f3:ec:cc:2a:e3:7b:4d:7c:fd:c5:c5:ca:7b:c5:99:
-                    0d:39:b2:a1:05:49:6e:38:57:4c:4b:9b:e0:36:a4:
-                    bf:cb:2e:b5:76:bd:c5:c3:11:48:a0:06:38:e2:a4:
-                    ed:47:92:2c:72:4c:ce:c9:12:39:94:c7:bc:7e:7f:
-                    82:bb:72:e8:f4:50:57:8f:a7:5a:ab:40:b0:7b:79:
-                    b9:50:28:7a:ce:be:96:38:79:e3:ce:25:6e:c9:dd:
-                    c4:15:22:cd:9b:77:97:cb:54:9d:46:9c:50:a8:c2:
-                    4b:c9:62:c1:42:d4:b2:7f:0d:54:31:85:51:e3:ca:
-                    5d:f1:9a:1f:68:ef:12:08:94:40:40:b0:1b:05:35:
-                    75:f3:e2:d5:ff:c3:46:3c:54:4e:2b:c3:2c:8e:e6:
-                    5b:78:de:36:ee:4c:83:c1:75:5d:06:0b:ff:8c:80:
-                    ac:a7:fe:f6:21:9c:94:ca:f9:13:02:cb:31:4a:2b:
-                    49:26:fd:f1:3c:ad:bd:c6:b6:93:c5:6a:e6:6f:bb:
-                    e4:88:5e:8c:0d:bf:4f:2a:12:59:9b:ae:2d:36:f1:
-                    31:db:e5:0f:25:05:99:2e:ad:ba:76:19:2b:49:e3:
-                    76:81:b8:91:f8:89:b8:92:db:7c:8f:3f:15:d3:eb:
-                    b8:e3:19:58:6b:c5:8f:a8:51:d1
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                EE:8D:2D:52:28:5E:D4:85:53:F2:6C:13:2A:72:6D:21:07:4D:B7:F5
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:security-tracker.debian.org, DNS:www.security-tracker.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         58:63:6e:65:2e:4a:81:f4:43:1f:5b:a2:69:6a:cb:25:e5:00:
-         6d:82:e8:08:0d:bc:a6:eb:46:a9:26:f3:b5:6f:d2:e3:29:0d:
-         68:1b:07:80:8e:56:d3:fb:1d:16:68:4e:a8:4e:a5:ba:7f:6a:
-         6b:1f:b7:de:25:5d:1d:6d:5d:6f:81:0d:ce:24:35:1e:17:90:
-         bb:28:40:5c:f7:21:07:5a:77:07:07:cb:7e:bf:6f:05:f5:0d:
-         11:b7:02:79:1f:ed:d4:40:f1:1b:c5:4c:ef:fc:4e:d9:be:31:
-         f1:bc:ce:7c:07:38:d6:83:6d:1d:2b:43:a7:ce:a5:4b:3a:ba:
-         35:84:af:62:7a:90:fa:e7:ec:1c:92:ba:38:b1:f4:ec:75:26:
-         a4:39:9d:bd:c6:36:ce:62:e3:47:49:de:b5:60:79:2e:f4:bb:
-         b7:ff:19:98:e4:14:4b:cd:8c:73:40:67:b0:3b:b6:7f:37:ec:
-         bb:10:cb:20:b1:49:65:f5:db:74:c8:c6:19:d0:88:07:75:05:
-         75:d9:1d:23:7e:e1:9d:b1:ea:7c:47:b4:0d:f2:03:66:45:85:
-         11:b4:19:c6:96:e2:72:dc:59:17:67:98:d1:35:5a:41:78:cf:
-         6d:c1:db:68:b0:0a:f6:56:b3:88:74:dd:1b:2b:a0:de:c6:0b:
-         3e:7d:58:c5
------BEGIN CERTIFICATE-----
-MIIFoDCCBIigAwIBAgIQFX4XAjx/4EgJy9eW7AiWtTANBgkqhkiG9w0BAQsFADBf
-MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w
-DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw
-HhcNMTUxMjExMDAwMDAwWhcNMTcwMTIwMjM1OTU5WjBmMSEwHwYDVQQLExhEb21h
-aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT
-TDEkMCIGA1UEAxMbc2VjdXJpdHktdHJhY2tlci5kZWJpYW4ub3JnMIIBojANBgkq
-hkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAz/3v8sUqetrSBywhyYnkIQ72yHKyFZD+
-XNm3GluD9ITno9aVz8XRV92prGcjJ8imGnMg9MmiI2dQ599JID8BPSw6lVCjmIDo
-xYFU3nTpmSQKM2PiXxMWYydFvOgqWi5A0oWZ3VT/B1OQ9gKD4V0jeRQcFH9kCb6S
-Zox/TD2pxle5cKCDs+jz7Mwq43tNfP3Fxcp7xZkNObKhBUluOFdMS5vgNqS/yy61
-dr3FwxFIoAY44qTtR5IsckzOyRI5lMe8fn+Cu3Lo9FBXj6daq0Cwe3m5UCh6zr6W
-OHnjziVuyd3EFSLNm3eXy1SdRpxQqMJLyWLBQtSyfw1UMYVR48pd8ZofaO8SCJRA
-QLAbBTV18+LV/8NGPFROK8MsjuZbeN427kyDwXVdBgv/jICsp/72IZyUyvkTAssx
-SitJJv3xPK29xraTxWrmb7vkiF6MDb9PKhJZm64tNvEx2+UPJQWZLq26dhkrSeN2
-gbiR+Im4ktt8jz8V0+u44xlYa8WPqFHRAgMBAAGjggHPMIIByzAfBgNVHSMEGDAW
-gBSzkKfYya9OzWE8n3ytXX9B/Wkw6jAdBgNVHQ4EFgQU7o0tUihe1IVT8mwTKnJt
-IQdNt/UwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMEsGA1UdIAREMEIwNgYLKwYBBAGyMQECAhowJzAl
-BggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRydXN0LmNvbTAIBgZngQwBAgEw
-QQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0dhbmRp
-U3RhbmRhcmRTU0xDQTIuY3JsMHMGCCsGAQUFBwEBBGcwZTA8BggrBgEFBQcwAoYw
-aHR0cDovL2NydC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRTU0xDQTIuY3J0
-MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMEcGA1UdEQRA
-MD6CG3NlY3VyaXR5LXRyYWNrZXIuZGViaWFuLm9yZ4Ifd3d3LnNlY3VyaXR5LXRy
-YWNrZXIuZGViaWFuLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAWGNuZS5KgfRDH1ui
-aWrLJeUAbYLoCA28putGqSbztW/S4ykNaBsHgI5W0/sdFmhOqE6lun9qax+33iVd
-HW1db4ENziQ1HheQuyhAXPchB1p3BwfLfr9vBfUNEbcCeR/t1EDxG8VM7/xO2b4x
-8bzOfAc41oNtHStDp86lSzq6NYSvYnqQ+ufsHJK6OLH07HUmpDmdvcY2zmLjR0ne
-tWB5LvS7t/8ZmOQUS82Mc0BnsDu2fzfsuxDLILFJZfXbdMjGGdCIB3UFddkdI37h
-nbHqfEe0DfIDZkWFEbQZxpbictxZF2eY0TVaQXjPbcHbaLAK9laziHTdGyug3sYL
-Pn1YxQ==
------END CERTIFICATE-----