From: Julien Cristau Date: Mon, 20 Jun 2016 10:58:40 +0000 (+0200) Subject: Switch appstream, qa, *.dgit to letsencrypt X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=f0592778e175dd64df69a349a716fe8ca89ad66f;p=mirror%2Fdsa-puppet.git Switch appstream, qa, *.dgit to letsencrypt Signed-off-by: Julien Cristau --- diff --git a/modules/roles/manifests/dgit_browse.pp b/modules/roles/manifests/dgit_browse.pp index eb463fbad..0d2ea14ea 100644 --- a/modules/roles/manifests/dgit_browse.pp +++ b/modules/roles/manifests/dgit_browse.pp @@ -1,7 +1,7 @@ class roles::dgit_browse { ssl::service { 'browse.dgit.debian.org': notify => Service['apache2'], - tlsaport => [], + key => true, } package { 'cgit': ensure => installed, } diff --git a/modules/roles/manifests/dgit_git.pp b/modules/roles/manifests/dgit_git.pp index 8614b185e..be5b05c65 100644 --- a/modules/roles/manifests/dgit_git.pp +++ b/modules/roles/manifests/dgit_git.pp @@ -1,7 +1,7 @@ class roles::dgit_git { ssl::service { 'git.dgit.debian.org': notify => Service['apache2'], - tlsaport => [], + key => true, } apache2::site { '010-git.dgit.debian.org': diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp index df8e39df8..676fdef3f 100644 --- a/modules/roles/manifests/init.pp +++ b/modules/roles/manifests/init.pp @@ -256,7 +256,7 @@ class roles { if has_role('qamaster') { ssl::service { 'qa.debian.org': notify => Service['apache2'], - tlsaport => [], + key => true, } } diff --git a/modules/roles/manifests/static_mirror.pp b/modules/roles/manifests/static_mirror.pp index 55c091c3c..ced948fb0 100644 --- a/modules/roles/manifests/static_mirror.pp +++ b/modules/roles/manifests/static_mirror.pp @@ -77,10 +77,10 @@ class roles::static_mirror { ssl::service { 'bits.debian.org' : ensure => "ifstatic", notify => Service['apache2'], } ssl::service { 'lintian.debian.org' : ensure => "ifstatic", notify => Service['apache2'], } ssl::service { 'rtc.debian.org' : ensure => "ifstatic", notify => Service['apache2'], } - ssl::service { 'appstream.debian.org': ensure => "ifstatic", notify => Service['apache2'], tlsaport => [], } ssl::service { 'd-i.debian.org' : ensure => "ifstatic", notify => Service['apache2'], } # do + ssl::service { 'appstream.debian.org' : ensure => "ifstatic", notify => Service['apache2'], key => true, } ssl::service { 'backports.debian.org' : ensure => "ifstatic", notify => Service['apache2'], key => true, } ssl::service { 'blends.debian.org' : ensure => "ifstatic", notify => Service['apache2'], key => true, } ssl::service { 'release.debian.org' : ensure => "ifstatic", notify => Service['apache2'], key => true, } diff --git a/modules/ssl/files/chains/appstream.debian.org.crt b/modules/ssl/files/chains/appstream.debian.org.crt deleted file mode 120000 index 50d224a83..000000000 --- a/modules/ssl/files/chains/appstream.debian.org.crt +++ /dev/null @@ -1 +0,0 @@ -GANDI-2-CA \ No newline at end of file diff --git a/modules/ssl/files/chains/browse.dgit.debian.org.crt b/modules/ssl/files/chains/browse.dgit.debian.org.crt deleted file mode 120000 index 50d224a83..000000000 --- a/modules/ssl/files/chains/browse.dgit.debian.org.crt +++ /dev/null @@ -1 +0,0 @@ -GANDI-2-CA \ No newline at end of file diff --git a/modules/ssl/files/chains/git.dgit.debian.org.crt b/modules/ssl/files/chains/git.dgit.debian.org.crt deleted file mode 120000 index 50d224a83..000000000 --- a/modules/ssl/files/chains/git.dgit.debian.org.crt +++ /dev/null @@ -1 +0,0 @@ -GANDI-2-CA \ No newline at end of file diff --git a/modules/ssl/files/chains/qa.debian.org.crt b/modules/ssl/files/chains/qa.debian.org.crt deleted file mode 120000 index 50d224a83..000000000 --- a/modules/ssl/files/chains/qa.debian.org.crt +++ /dev/null @@ -1 +0,0 @@ -GANDI-2-CA \ No newline at end of file diff --git a/modules/ssl/files/servicecerts/appstream.debian.org.crt b/modules/ssl/files/servicecerts/appstream.debian.org.crt deleted file mode 100644 index 00527e869..000000000 --- a/modules/ssl/files/servicecerts/appstream.debian.org.crt +++ /dev/null @@ -1,118 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - e4:ed:d5:06:3c:4a:1b:5a:90:02:53:98:3c:58:72:55 - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 - Validity - Not Before: Jul 13 00:00:00 2015 GMT - Not After : Jul 13 23:59:59 2016 GMT - Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=appstream.debian.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (3072 bit) - Modulus: - 00:ce:28:42:8e:0c:7e:35:99:6e:b7:7c:e2:d7:27: - dc:5f:83:ce:c0:2c:3f:e8:f6:7b:73:8e:bc:03:2b: - 59:fd:d0:e4:1f:cb:cc:3f:d2:18:3f:ba:8f:80:64: - 45:ca:37:9c:57:0e:a3:9e:57:c7:c5:b9:4d:0a:5d: - 71:c5:90:b2:5b:f1:51:7b:0b:8c:7f:6a:83:42:35: - 9a:49:d8:65:54:9d:cc:ab:d5:91:bd:bc:e6:08:aa: - a0:01:23:dd:da:2d:65:df:e1:4c:af:b9:bc:32:ce: - 0f:a1:b5:15:bf:bc:ea:6b:c4:6d:7b:d2:43:71:aa: - 4f:bc:64:ff:a5:ff:26:ae:af:fc:fa:b5:33:b4:84: - 0e:08:cc:7e:fd:66:77:b1:b5:c6:b6:e4:e0:24:a8: - b4:ae:4e:4e:a6:79:24:45:09:1d:1d:79:83:fd:de: - 60:4e:b9:9b:81:65:23:e7:42:d9:87:6e:ee:f2:c1: - 67:6b:d3:8f:d7:45:41:ba:fa:bc:58:35:80:52:46: - a2:fd:56:e9:18:b3:fe:fe:c2:d9:f7:ea:06:3d:61: - 1e:03:be:18:41:14:40:03:98:ba:29:3c:64:d3:8d: - fb:60:13:b7:dc:31:7b:f8:e5:4c:15:87:93:a3:06: - 92:2b:3f:7a:80:b0:2a:23:7b:df:9a:8c:4a:0e:9e: - 0f:c3:02:25:24:e5:8a:81:2c:52:bd:76:db:73:6e: - ac:e8:72:be:e5:dc:d2:02:6c:bc:a1:ee:b2:cb:4f: - 49:be:9d:c8:91:f2:6c:b8:d8:62:31:50:1d:21:de: - 88:34:b8:7f:e5:b7:ed:75:33:36:c4:a6:8c:31:eb: - 58:8d:7e:b3:ad:d9:3e:48:f3:fd:3c:6b:ba:d0:e0: - 7c:ba:66:69:af:a8:51:82:67:36:cf:5e:d4:67:34: - f3:96:6b:b3:48:c1:e1:ab:3f:89:05:75:ce:10:6e: - 0c:c8:29:31:47:4c:43:4e:7d:fe:9c:e1:d1:52:58: - f4:15:7a:1a:68:26:74:b5:0a:4f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA - - X509v3 Subject Key Identifier: - B0:3D:60:A1:21:C9:11:3E:EC:38:1F:62:EC:54:C1:8A:D0:A9:48:66 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Certificate Policies: - Policy: 1.3.6.1.4.1.6449.1.2.2.26 - CPS: https://cps.usertrust.com - Policy: 2.23.140.1.2.1 - - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl - - Authority Information Access: - CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt - OCSP - URI:http://ocsp.usertrust.com - - X509v3 Subject Alternative Name: - DNS:appstream.debian.org, DNS:www.appstream.debian.org - Signature Algorithm: sha256WithRSAEncryption - 82:7f:fa:9f:71:76:3a:99:f6:e1:49:dc:df:c1:34:c8:db:78: - 70:f3:31:e2:6d:e8:65:cc:c0:d0:f6:ae:2d:4e:fe:de:4d:76: - 42:78:82:c1:4b:9e:af:c7:80:a3:aa:ed:69:37:74:4a:98:6b: - 29:67:d7:49:92:8c:7c:d0:c4:27:f6:8f:05:bc:a3:1a:0a:44: - d1:f6:18:21:fe:d8:4c:9d:17:04:f9:15:57:d7:db:9b:a1:31: - b5:a7:21:ee:4f:3b:51:89:ca:24:20:e7:e6:63:e2:1e:cb:0a: - f7:b8:0e:c5:36:63:0f:a5:99:2f:d3:64:8f:5b:b9:32:01:9a: - ed:cd:97:c3:66:e8:4f:d5:77:0f:c3:67:c5:1c:5b:53:97:e5: - 30:ab:53:8d:b8:48:ed:1d:34:0c:2e:6f:8c:7d:9d:0c:d2:4d: - 4c:15:1e:b3:13:c9:6d:8d:c6:06:86:3a:b4:2d:c5:f9:70:8c: - fc:dd:30:76:3c:70:1d:0b:45:8b:70:ab:b4:60:a8:76:01:da: - f2:ef:7a:9b:41:0d:0b:9f:b8:3f:87:bc:e6:8d:2b:47:35:65: - 4a:d2:16:89:8a:61:8c:62:75:47:ec:0c:fd:5a:8a:a1:23:ec: - 49:19:31:e0:ae:e5:f5:3b:3a:7c:08:c0:02:6d:45:e2:e0:a0: - e8:33:01:12 ------BEGIN CERTIFICATE----- -MIIFjDCCBHSgAwIBAgIRAOTt1QY8ShtakAJTmDxYclUwDQYJKoZIhvcNAQELBQAw -XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO -MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy -MB4XDTE1MDcxMzAwMDAwMFoXDTE2MDcxMzIzNTk1OVowXzEhMB8GA1UECxMYRG9t -YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT -U0wxHTAbBgNVBAMTFGFwcHN0cmVhbS5kZWJpYW4ub3JnMIIBojANBgkqhkiG9w0B -AQEFAAOCAY8AMIIBigKCAYEAzihCjgx+NZlut3zi1yfcX4POwCw/6PZ7c468AytZ -/dDkH8vMP9IYP7qPgGRFyjecVw6jnlfHxblNCl1xxZCyW/FRewuMf2qDQjWaSdhl -VJ3Mq9WRvbzmCKqgASPd2i1l3+FMr7m8Ms4PobUVv7zqa8Rte9JDcapPvGT/pf8m -rq/8+rUztIQOCMx+/WZ3sbXGtuTgJKi0rk5OpnkkRQkdHXmD/d5gTrmbgWUj50LZ -h27u8sFna9OP10VBuvq8WDWAUkai/VbpGLP+/sLZ9+oGPWEeA74YQRRAA5i6KTxk -0437YBO33DF7+OVMFYeTowaSKz96gLAqI3vfmoxKDp4PwwIlJOWKgSxSvXbbc26s -6HK+5dzSAmy8oe6yy09Jvp3IkfJsuNhiMVAdId6INLh/5bftdTM2xKaMMetYjX6z -rdk+SPP9PGu60OB8umZpr6hRgmc2z17UZzTzlmuzSMHhqz+JBXXOEG4MyCkxR0xD -Tn3+nOHRUlj0FXoaaCZ0tQpPAgMBAAGjggHBMIIBvTAfBgNVHSMEGDAWgBSzkKfY -ya9OzWE8n3ytXX9B/Wkw6jAdBgNVHQ4EFgQUsD1goSHJET7sOB9i7FTBitCpSGYw -DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUH -AwEGCCsGAQUFBwMCMEsGA1UdIAREMEIwNgYLKwYBBAGyMQECAhowJzAlBggrBgEF -BQcCARYZaHR0cHM6Ly9jcHMudXNlcnRydXN0LmNvbTAIBgZngQwBAgEwQQYDVR0f -BDowODA2oDSgMoYwaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRh -cmRTU0xDQTIuY3JsMHMGCCsGAQUFBwEBBGcwZTA8BggrBgEFBQcwAoYwaHR0cDov -L2NydC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRTU0xDQTIuY3J0MCUGCCsG -AQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMDkGA1UdEQQyMDCCFGFw -cHN0cmVhbS5kZWJpYW4ub3Jnghh3d3cuYXBwc3RyZWFtLmRlYmlhbi5vcmcwDQYJ -KoZIhvcNAQELBQADggEBAIJ/+p9xdjqZ9uFJ3N/BNMjbeHDzMeJt6GXMwND2ri1O -/t5NdkJ4gsFLnq/HgKOq7Wk3dEqYayln10mSjHzQxCf2jwW8oxoKRNH2GCH+2Eyd -FwT5FVfX25uhMbWnIe5PO1GJyiQg5+Zj4h7LCve4DsU2Yw+lmS/TZI9buTIBmu3N -l8Nm6E/Vdw/DZ8UcW1OX5TCrU424SO0dNAwub4x9nQzSTUwVHrMTyW2NxgaGOrQt -xflwjPzdMHY8cB0LRYtwq7RgqHYB2vLveptBDQufuD+HvOaNK0c1ZUrSFomKYYxi -dUfsDP1aiqEj7EkZMeCu5fU7OnwIwAJtReLgoOgzARI= ------END CERTIFICATE----- diff --git a/modules/ssl/files/servicecerts/browse.dgit.debian.org.crt b/modules/ssl/files/servicecerts/browse.dgit.debian.org.crt deleted file mode 100644 index b79a7eaff..000000000 --- a/modules/ssl/files/servicecerts/browse.dgit.debian.org.crt +++ /dev/null @@ -1,118 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 07:2c:b4:25:cd:c7:2f:70:73:45:69:65:94:3a:f4:df - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 - Validity - Not Before: Jul 13 00:00:00 2015 GMT - Not After : Jul 13 23:59:59 2016 GMT - Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=browse.dgit.debian.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (3072 bit) - Modulus: - 00:e0:68:01:e6:70:86:bf:6d:3e:19:28:3e:a9:24: - 08:8e:00:20:2c:ca:d5:e8:04:42:e4:ca:15:34:6a: - 8f:d7:15:9c:b3:f3:16:bb:c0:d9:79:77:21:3f:0e: - f6:3b:69:0b:7f:d9:d1:a5:75:b0:da:38:32:3f:e5: - 98:3e:cb:ac:e7:b6:95:08:a5:39:9c:0f:a5:69:ae: - 59:ad:93:77:10:a5:11:83:a8:68:ca:e5:60:4f:39: - 13:9f:f7:e4:68:95:8d:e4:32:0f:bc:8e:68:2d:85: - 9f:af:d1:65:23:05:71:6f:a5:96:9e:09:2b:e9:4c: - 63:73:17:c5:5f:82:59:2c:2e:70:a2:17:0e:9d:ef: - 5f:01:bf:0f:f5:8f:52:a5:57:12:d9:cb:6d:37:d8: - 22:ca:4e:48:d2:f6:63:92:53:5d:1b:90:89:25:c6: - e5:f0:b0:2d:25:7c:d6:94:68:de:14:eb:76:ec:13: - 6e:11:4a:a2:6e:a9:fb:ab:40:e7:4d:eb:cd:e7:56: - 87:50:c2:bf:33:e3:d3:97:50:51:f9:2b:f6:2c:ae: - 27:79:94:9e:4e:63:5e:43:4a:68:f2:23:e8:05:79: - 48:c4:af:eb:ed:f3:ac:e3:3c:42:d6:ee:35:25:cd: - aa:d8:ff:af:7d:c7:76:48:c0:7e:a1:91:e1:b5:6b: - ed:ae:74:b0:6d:b4:0e:78:fd:08:85:5f:2a:58:ae: - 12:20:23:f7:44:0f:e5:fc:17:4a:0f:b1:38:f7:7a: - 0e:b5:84:18:46:b7:79:98:8d:58:fb:cf:97:0f:03: - fa:aa:f5:1b:ad:c8:b7:7f:1d:0d:c9:29:19:ad:8f: - e6:64:3e:80:b2:e4:c0:51:33:b5:c7:9b:ca:1b:7d: - a1:f7:b2:55:d4:39:8e:d6:77:15:4d:e6:1c:72:f2: - 00:56:f1:96:75:d4:cd:8b:67:77:a0:29:5e:92:ff: - b4:be:65:fd:60:4d:a3:be:08:99:46:6b:ac:01:49: - 67:ed:9e:22:79:fa:a2:f0:dd:79 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA - - X509v3 Subject Key Identifier: - 28:27:17:64:5D:D2:5B:4F:F1:A3:94:D2:C1:D7:6A:94:4A:34:C3:42 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Certificate Policies: - Policy: 1.3.6.1.4.1.6449.1.2.2.26 - CPS: https://cps.usertrust.com - Policy: 2.23.140.1.2.1 - - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl - - Authority Information Access: - CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt - OCSP - URI:http://ocsp.usertrust.com - - X509v3 Subject Alternative Name: - DNS:browse.dgit.debian.org, DNS:www.browse.dgit.debian.org - Signature Algorithm: sha256WithRSAEncryption - 20:a7:df:a3:d4:d6:23:83:55:1b:d0:7c:d0:32:7e:d3:34:18: - 03:85:25:dc:24:4c:9f:4c:38:4a:61:d6:90:53:91:bf:6f:bf: - 68:07:77:f0:1f:b6:a1:69:70:81:93:f8:8c:58:72:f3:18:6a: - e3:cd:f4:cf:d5:d6:fc:05:39:4f:9e:be:49:0b:e0:d7:5a:bd: - 3f:95:a3:b9:71:ff:c3:1a:df:49:8a:cb:70:c5:fe:94:c2:61: - 15:f7:b1:fc:6c:42:de:d5:25:6c:25:d4:fa:98:a9:51:6c:fb: - ea:b9:73:a5:9b:4e:e7:a6:f1:0c:d0:c3:e3:e0:bd:10:6c:e2: - 22:30:d4:9d:17:84:8b:2f:11:cc:f0:50:4e:58:ad:f1:a9:05: - 7d:5c:0e:63:92:0d:8d:be:d8:54:e3:79:ec:ef:c4:02:d9:e3: - ce:df:16:eb:35:8e:50:11:a8:20:ee:4d:86:d3:1d:a2:db:2e: - 96:85:6a:5e:3a:07:44:77:65:4c:de:56:35:34:6b:44:db:df: - 75:a6:8e:d1:a0:94:9a:75:b5:dc:5c:42:9c:42:61:f0:e7:8b: - 75:4b:e4:4e:9c:90:5b:93:2e:c4:9d:db:47:03:2a:81:7d:83: - d6:eb:8e:d5:c9:22:5d:17:b6:1b:ca:2e:94:1c:c3:df:94:f8: - 66:74:76:ed ------BEGIN CERTIFICATE----- -MIIFkTCCBHmgAwIBAgIQByy0Jc3HL3BzRWlllDr03zANBgkqhkiG9w0BAQsFADBf -MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w -DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw -HhcNMTUwNzEzMDAwMDAwWhcNMTYwNzEzMjM1OTU5WjBhMSEwHwYDVQQLExhEb21h -aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT -TDEfMB0GA1UEAxMWYnJvd3NlLmRnaXQuZGViaWFuLm9yZzCCAaIwDQYJKoZIhvcN -AQEBBQADggGPADCCAYoCggGBAOBoAeZwhr9tPhkoPqkkCI4AICzK1egEQuTKFTRq -j9cVnLPzFrvA2Xl3IT8O9jtpC3/Z0aV1sNo4Mj/lmD7LrOe2lQilOZwPpWmuWa2T -dxClEYOoaMrlYE85E5/35GiVjeQyD7yOaC2Fn6/RZSMFcW+llp4JK+lMY3MXxV+C -WSwucKIXDp3vXwG/D/WPUqVXEtnLbTfYIspOSNL2Y5JTXRuQiSXG5fCwLSV81pRo -3hTrduwTbhFKom6p+6tA503rzedWh1DCvzPj05dQUfkr9iyuJ3mUnk5jXkNKaPIj -6AV5SMSv6+3zrOM8QtbuNSXNqtj/r33HdkjAfqGR4bVr7a50sG20Dnj9CIVfKliu -EiAj90QP5fwXSg+xOPd6DrWEGEa3eZiNWPvPlw8D+qr1G63It38dDckpGa2P5mQ+ -gLLkwFEztcebyht9ofeyVdQ5jtZ3FU3mHHLyAFbxlnXUzYtnd6ApXpL/tL5l/WBN -o74ImUZrrAFJZ+2eInn6ovDdeQIDAQABo4IBxTCCAcEwHwYDVR0jBBgwFoAUs5Cn -2MmvTs1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFCgnF2Rd0ltP8aOU0sHXapRKNMNC -MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEBAgIaMCcwJQYIKwYB -BQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYGZ4EMAQIBMEEGA1Ud -HwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5k -YXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYBBQUHMAKGMGh0dHA6 -Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNydDAlBggr -BgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTA9BgNVHREENjA0ghZi -cm93c2UuZGdpdC5kZWJpYW4ub3Jnghp3d3cuYnJvd3NlLmRnaXQuZGViaWFuLm9y -ZzANBgkqhkiG9w0BAQsFAAOCAQEAIKffo9TWI4NVG9B80DJ+0zQYA4Ul3CRMn0w4 -SmHWkFORv2+/aAd38B+2oWlwgZP4jFhy8xhq4830z9XW/AU5T56+SQvg11q9P5Wj -uXH/wxrfSYrLcMX+lMJhFfex/GxC3tUlbCXU+pipUWz76rlzpZtO56bxDNDD4+C9 -EGziIjDUnReEiy8RzPBQTlit8akFfVwOY5INjb7YVON57O/EAtnjzt8W6zWOUBGo -IO5NhtMdotsuloVqXjoHRHdlTN5WNTRrRNvfdaaO0aCUmnW13FxCnEJh8OeLdUvk -TpyQW5MuxJ3bRwMqgX2D1uuO1ckiXRe2G8oulBzD35T4ZnR27Q== ------END CERTIFICATE----- diff --git a/modules/ssl/files/servicecerts/git.dgit.debian.org.crt b/modules/ssl/files/servicecerts/git.dgit.debian.org.crt deleted file mode 100644 index 14dd9bb07..000000000 --- a/modules/ssl/files/servicecerts/git.dgit.debian.org.crt +++ /dev/null @@ -1,118 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - ed:8d:5e:ee:dd:94:a8:08:26:5d:b1:14:4c:20:f6:bf - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 - Validity - Not Before: Jul 13 00:00:00 2015 GMT - Not After : Jul 13 23:59:59 2016 GMT - Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=git.dgit.debian.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (3072 bit) - Modulus: - 00:bc:d0:db:2b:ea:a2:d3:27:74:e6:6a:14:17:72: - 99:90:2a:15:55:27:dc:25:87:9d:9c:19:f6:59:51: - 80:f4:a0:2f:36:81:bc:b7:b6:3a:95:5d:bf:3f:4b: - b8:cb:53:8b:7f:83:81:92:23:a1:16:69:4b:3e:d7: - 07:01:2f:44:fb:5f:52:74:47:f6:48:14:b5:1f:71: - b5:4c:a2:69:31:1f:a3:52:ad:bd:f8:c3:62:9d:dc: - 2d:9a:cb:2a:30:e6:6f:b0:83:03:f0:99:32:af:8c: - 06:33:4c:e1:ac:a0:8d:1c:e8:70:3a:35:56:a5:be: - a5:b4:e8:08:37:c6:77:1d:81:f9:18:ea:21:31:30: - f3:78:c9:70:ca:9e:05:e3:4f:74:8f:b3:3c:90:9b: - 46:40:2d:fc:52:ec:8a:58:e1:ea:d5:37:6b:a9:24: - 94:74:ab:c4:6e:7c:4d:cd:49:25:a1:1f:7d:7b:5d: - f4:73:98:c4:0b:30:3b:56:3e:b6:2c:9e:9a:85:3a: - 50:85:69:13:f4:fe:4b:6a:4a:61:ca:e5:c3:af:2e: - d5:24:88:cf:2b:a3:41:19:42:d2:65:3e:b1:e5:da: - 88:f8:32:97:17:9f:d5:0d:91:e9:49:b3:23:cc:23: - 16:b7:42:d2:cc:37:77:d2:43:7f:54:ee:03:ad:da: - a9:31:27:06:82:72:29:b1:f6:74:c4:94:91:2c:74: - a3:b6:d6:19:67:e3:ce:07:86:35:7e:97:37:45:40: - 69:aa:5f:81:53:2b:11:32:39:37:64:fb:30:d0:a3: - c0:ce:e3:5c:8d:af:de:79:6d:23:ec:be:f2:1a:e9: - 99:be:2e:f6:17:92:67:ea:90:68:69:43:42:c0:ac: - a5:b0:10:21:bc:32:07:1c:b4:79:ea:b7:3d:8b:71: - 6a:64:81:d2:6f:95:23:b6:32:0c:b8:1e:cc:dd:5d: - 37:3c:fa:13:17:74:87:bc:8e:20:9b:1b:87:88:ac: - 8e:02:01:b3:1b:74:d8:c6:c4:bd - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA - - X509v3 Subject Key Identifier: - 85:BD:B3:23:61:CE:04:DC:A1:CD:A1:C7:11:40:51:40:F2:AB:BA:62 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Certificate Policies: - Policy: 1.3.6.1.4.1.6449.1.2.2.26 - CPS: https://cps.usertrust.com - Policy: 2.23.140.1.2.1 - - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl - - Authority Information Access: - CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt - OCSP - URI:http://ocsp.usertrust.com - - X509v3 Subject Alternative Name: - DNS:git.dgit.debian.org, DNS:www.git.dgit.debian.org - Signature Algorithm: sha256WithRSAEncryption - 73:10:70:2b:e8:45:5e:33:1b:60:49:74:5e:2e:dd:44:79:e9: - 43:c6:21:ef:37:39:07:8d:4e:28:98:a8:be:17:f9:45:9e:4e: - 6f:ae:be:9d:35:b8:9f:79:95:b5:30:6a:70:17:98:76:86:fb: - 34:fa:e7:36:52:18:bd:93:07:f7:1a:db:25:67:92:06:93:9d: - cd:ad:e7:d7:4d:a5:a8:00:57:57:2c:a5:47:fc:be:0f:03:36: - 6e:34:bd:a9:c7:0f:84:2f:e1:7e:78:e2:0f:94:6d:97:5b:19: - 04:3b:cb:25:5e:ff:c1:f4:38:ee:a8:07:e3:2a:49:6f:37:d1: - c8:84:9c:af:30:ef:d6:af:35:31:19:ac:ef:f1:a0:d9:bb:6e: - 66:68:62:99:d9:4c:1c:d1:67:d2:53:8e:32:a9:06:8d:24:81: - 0e:85:40:e7:c1:0e:44:70:40:85:42:5d:e8:f9:dc:f9:b9:81: - 90:02:9b:76:7c:48:61:30:6b:5b:bd:8a:13:66:c2:88:fd:4c: - 6d:c7:d5:d8:64:3a:99:f5:0b:3d:ff:39:e7:32:14:06:83:b5: - c9:8b:51:05:46:ad:9a:27:3b:f0:0f:15:a2:9b:e2:ce:14:04: - 18:df:43:58:1b:53:b5:08:75:02:7c:7b:36:7c:d2:cd:9f:6f: - 2f:ae:e9:72 ------BEGIN CERTIFICATE----- -MIIFiTCCBHGgAwIBAgIRAO2NXu7dlKgIJl2xFEwg9r8wDQYJKoZIhvcNAQELBQAw -XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO -MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy -MB4XDTE1MDcxMzAwMDAwMFoXDTE2MDcxMzIzNTk1OVowXjEhMB8GA1UECxMYRG9t -YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT -U0wxHDAaBgNVBAMTE2dpdC5kZ2l0LmRlYmlhbi5vcmcwggGiMA0GCSqGSIb3DQEB -AQUAA4IBjwAwggGKAoIBgQC80Nsr6qLTJ3TmahQXcpmQKhVVJ9wlh52cGfZZUYD0 -oC82gby3tjqVXb8/S7jLU4t/g4GSI6EWaUs+1wcBL0T7X1J0R/ZIFLUfcbVMomkx -H6NSrb34w2Kd3C2ayyow5m+wgwPwmTKvjAYzTOGsoI0c6HA6NValvqW06Ag3xncd -gfkY6iExMPN4yXDKngXjT3SPszyQm0ZALfxS7IpY4erVN2upJJR0q8RufE3NSSWh -H317XfRzmMQLMDtWPrYsnpqFOlCFaRP0/ktqSmHK5cOvLtUkiM8ro0EZQtJlPrHl -2oj4MpcXn9UNkelJsyPMIxa3QtLMN3fSQ39U7gOt2qkxJwaCcimx9nTElJEsdKO2 -1hln484HhjV+lzdFQGmqX4FTKxEyOTdk+zDQo8DO41yNr955bSPsvvIa6Zm+LvYX -kmfqkGhpQ0LArKWwECG8MgcctHnqtz2LcWpkgdJvlSO2Mgy4HszdXTc8+hMXdIe8 -jiCbG4eIrI4CAbMbdNjGxL0CAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFLOQp9jJ -r07NYTyffK1df0H9aTDqMB0GA1UdDgQWBBSFvbMjYc4E3KHNoccRQFFA8qu6YjAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD -AQYIKwYBBQUHAwIwSwYDVR0gBEQwQjA2BgsrBgEEAbIxAQICGjAnMCUGCCsGAQUF -BwIBFhlodHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECATBBBgNVHR8E -OjA4MDagNKAyhjBodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFy -ZFNTTENBMi5jcmwwcwYIKwYBBQUHAQEEZzBlMDwGCCsGAQUFBzAChjBodHRwOi8v -Y3J0LnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENBMi5jcnQwJQYIKwYB -BQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wNwYDVR0RBDAwLoITZ2l0 -LmRnaXQuZGViaWFuLm9yZ4IXd3d3LmdpdC5kZ2l0LmRlYmlhbi5vcmcwDQYJKoZI -hvcNAQELBQADggEBAHMQcCvoRV4zG2BJdF4u3UR56UPGIe83OQeNTiiYqL4X+UWe -Tm+uvp01uJ95lbUwanAXmHaG+zT65zZSGL2TB/ca2yVnkgaTnc2t59dNpagAV1cs -pUf8vg8DNm40vanHD4Qv4X544g+UbZdbGQQ7yyVe/8H0OO6oB+MqSW830ciEnK8w -79avNTEZrO/xoNm7bmZoYpnZTBzRZ9JTjjKpBo0kgQ6FQOfBDkRwQIVCXej53Pm5 -gZACm3Z8SGEwa1u9ihNmwoj9TG3H1dhkOpn1Cz3/OecyFAaDtcmLUQVGrZonO/AP -FaKb4s4UBBjfQ1gbU7UIdQJ8ezZ80s2fby+u6XI= ------END CERTIFICATE----- diff --git a/modules/ssl/files/servicecerts/qa.debian.org.crt b/modules/ssl/files/servicecerts/qa.debian.org.crt deleted file mode 100644 index 1856ba2de..000000000 --- a/modules/ssl/files/servicecerts/qa.debian.org.crt +++ /dev/null @@ -1,118 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 6e:94:30:f1:e9:76:c3:ef:b6:9a:77:2c:b9:d5:06:06 - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 - Validity - Not Before: Jun 24 00:00:00 2015 GMT - Not After : Jul 3 23:59:59 2016 GMT - Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=qa.debian.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (3072 bit) - Modulus: - 00:c1:a6:3b:04:31:8b:82:22:f7:3a:78:b0:c1:36: - 4e:27:21:fc:7b:24:2b:33:f8:1b:95:58:8b:86:98: - 4d:23:d9:07:45:62:75:c6:3f:9b:c1:85:2c:10:52: - 9c:73:91:19:32:2e:e1:e7:32:50:32:d2:34:81:91: - 80:43:cd:55:eb:82:bf:d2:3c:88:e6:b2:59:f6:3d: - fc:c6:16:7e:3f:fc:52:8f:cf:07:66:26:79:ee:0f: - fe:44:8a:32:82:41:c5:14:e8:15:ab:a4:1d:9c:08: - 3a:f2:79:b6:27:cf:ba:d8:89:53:95:02:82:9d:8f: - 9c:c0:13:0b:fa:e9:df:c2:64:02:42:9c:32:9a:6d: - 6a:01:6d:eb:1c:6c:0f:c9:21:81:9b:aa:26:67:d3: - 72:6f:7a:66:fd:cd:2e:f1:76:0c:a8:58:1d:27:e9: - 1e:a6:da:5a:71:e6:25:5f:a3:c6:1b:b6:82:6c:44: - 1c:12:af:a6:25:ff:0d:a7:e3:b1:42:a8:34:9c:89: - af:c9:da:94:89:a7:92:d7:02:34:45:6a:5f:90:e0: - f7:bc:83:fd:b9:79:f2:e6:39:80:ed:a7:3b:af:c5: - b2:92:69:07:6f:71:23:5f:ec:66:24:9f:1b:7c:c8: - d3:f0:06:c9:74:ac:0c:0b:a2:42:04:d4:ea:6b:e2: - 36:0c:8f:05:ec:06:5a:76:eb:75:f7:0b:1e:a8:b1: - a7:82:a2:0d:6b:ff:c2:5a:09:69:7a:03:7d:3b:58: - f1:d8:6a:54:31:77:a7:e7:d4:d1:d0:0d:06:e6:3f: - 0a:c1:7f:3c:68:0d:54:ec:d6:f4:fa:48:8b:27:ed: - ca:64:d4:42:69:69:f3:bd:34:c2:c8:60:be:9b:cb: - 38:34:57:8a:a1:99:a3:14:c7:30:c1:c6:34:3d:e4: - 56:75:c0:a2:e3:1b:9c:5e:b9:2e:17:18:a8:8b:cb: - 5c:0b:82:aa:6c:79:38:60:52:f5:b7:36:1c:8c:6f: - 17:49:ad:13:e2:f9:74:a6:92:87 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA - - X509v3 Subject Key Identifier: - 94:0C:80:BB:80:94:AA:AE:F6:E7:45:BD:37:8D:69:E4:86:C8:40:B9 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Certificate Policies: - Policy: 1.3.6.1.4.1.6449.1.2.2.26 - CPS: https://cps.usertrust.com - Policy: 2.23.140.1.2.1 - - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl - - Authority Information Access: - CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt - OCSP - URI:http://ocsp.usertrust.com - - X509v3 Subject Alternative Name: - DNS:qa.debian.org, DNS:www.qa.debian.org - Signature Algorithm: sha256WithRSAEncryption - 81:99:1c:ba:96:64:3a:35:8e:d0:c9:1a:6f:ec:e3:35:cd:a9: - 69:46:8c:55:c7:a7:a1:59:e4:8d:8d:9e:f3:34:48:54:f3:0e: - a1:07:75:bd:32:c3:b3:68:14:ba:e0:9b:50:56:90:c6:9f:74: - dc:27:db:0b:b1:86:fa:2c:d5:4e:e2:ff:7c:4b:6c:8e:88:5d: - 9c:aa:1e:41:55:db:96:f9:0b:e5:d2:dc:1c:5b:c2:1a:83:14: - 7e:4c:5d:68:02:ee:1a:29:5c:f2:7b:48:e8:10:de:ed:19:f2: - 97:5e:cc:5e:2f:6c:c0:da:e6:e7:60:d5:3a:46:6e:9d:5c:29: - 9d:c5:6b:9b:90:7e:14:b6:62:ec:e0:dc:0d:e1:02:36:42:75: - b7:50:59:92:be:5c:79:ef:46:86:0b:48:23:06:20:d7:80:a0: - 7c:09:b1:79:fe:a7:8b:40:02:13:d1:a4:cc:5f:a9:d5:68:18: - 39:c5:92:bc:04:5b:b1:79:04:08:ca:3f:e8:cd:fc:4d:3f:f5: - 29:df:17:76:2d:98:56:fa:a5:f1:5c:2b:32:a2:59:be:82:7a: - 25:90:da:07:81:49:5b:82:45:fb:fa:a2:d6:94:c6:d0:7b:39: - 91:40:a4:7a:81:c7:08:a5:25:cd:53:fd:d6:89:14:0f:21:66: - c1:0e:9e:41 ------BEGIN CERTIFICATE----- -MIIFdjCCBF6gAwIBAgIQbpQw8el2w++2mncsudUGBjANBgkqhkiG9w0BAQsFADBf -MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w -DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw -HhcNMTUwNjI0MDAwMDAwWhcNMTYwNzAzMjM1OTU5WjBYMSEwHwYDVQQLExhEb21h -aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT -TDEWMBQGA1UEAxMNcWEuZGViaWFuLm9yZzCCAaIwDQYJKoZIhvcNAQEBBQADggGP -ADCCAYoCggGBAMGmOwQxi4Ii9zp4sME2Tich/HskKzP4G5VYi4aYTSPZB0VidcY/ -m8GFLBBSnHORGTIu4ecyUDLSNIGRgEPNVeuCv9I8iOayWfY9/MYWfj/8Uo/PB2Ym -ee4P/kSKMoJBxRToFaukHZwIOvJ5tifPutiJU5UCgp2PnMATC/rp38JkAkKcMppt -agFt6xxsD8khgZuqJmfTcm96Zv3NLvF2DKhYHSfpHqbaWnHmJV+jxhu2gmxEHBKv -piX/DafjsUKoNJyJr8nalImnktcCNEVqX5Dg97yD/bl58uY5gO2nO6/FspJpB29x -I1/sZiSfG3zI0/AGyXSsDAuiQgTU6mviNgyPBewGWnbrdfcLHqixp4KiDWv/wloJ -aXoDfTtY8dhqVDF3p+fU0dANBuY/CsF/PGgNVOzW9PpIiyftymTUQmlp8700wshg -vpvLODRXiqGZoxTHMMHGND3kVnXAouMbnF65LhcYqIvLXAuCqmx5OGBS9bc2HIxv -F0mtE+L5dKaShwIDAQABo4IBszCCAa8wHwYDVR0jBBgwFoAUs5Cn2MmvTs1hPJ98 -rV1/Qf1pMOowHQYDVR0OBBYEFJQMgLuAlKqu9udFvTeNaeSGyEC5MA4GA1UdDwEB -/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEBAgIaMCcwJQYIKwYBBQUHAgEWGWh0 -dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYGZ4EMAQIBMEEGA1UdHwQ6MDgwNqA0 -oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0Ey -LmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYBBQUHMAKGMGh0dHA6Ly9jcnQudXNl -cnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNydDAlBggrBgEFBQcwAYYZ -aHR0cDovL29jc3AudXNlcnRydXN0LmNvbTArBgNVHREEJDAigg1xYS5kZWJpYW4u -b3JnghF3d3cucWEuZGViaWFuLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAgZkcupZk -OjWO0Mkab+zjNc2paUaMVcenoVnkjY2e8zRIVPMOoQd1vTLDs2gUuuCbUFaQxp90 -3CfbC7GG+izVTuL/fEtsjohdnKoeQVXblvkL5dLcHFvCGoMUfkxdaALuGilc8ntI -6BDe7Rnyl17MXi9swNrm52DVOkZunVwpncVrm5B+FLZi7ODcDeECNkJ1t1BZkr5c -ee9GhgtIIwYg14CgfAmxef6ni0ACE9GkzF+p1WgYOcWSvARbsXkECMo/6M38TT/1 -Kd8Xdi2YVvql8VwrMqJZvoJ6JZDaB4FJW4JF+/qi1pTG0Hs5kUCkeoHHCKUlzVP9 -1okUDyFmwQ6eQQ== ------END CERTIFICATE-----