From 27102846593c0c9931e017e857b35ae4321db5fd Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Mon, 7 Mar 2016 20:09:48 +0100 Subject: [PATCH] security-master ssl with key, and ssl for rsync --- modules/roles/manifests/security_master.pp | 2 + .../chains/security-master.debian.org.crt | 1 - .../security-master.debian.org.crt | 114 ------------------ 3 files changed, 2 insertions(+), 115 deletions(-) delete mode 120000 modules/ssl/files/chains/security-master.debian.org.crt delete mode 100644 modules/ssl/files/servicecerts/security-master.debian.org.crt diff --git a/modules/roles/manifests/security_master.pp b/modules/roles/manifests/security_master.pp index 71927756e..ae3c471f0 100644 --- a/modules/roles/manifests/security_master.pp +++ b/modules/roles/manifests/security_master.pp @@ -2,6 +2,7 @@ class roles::security_master { ssl::service { 'security-master.debian.org': notify => Service['apache2'], + key => true, } vsftpd::site { 'security': @@ -15,5 +16,6 @@ class roles::security_master { rsync::site { 'security_master': source => 'puppet:///modules/roles/security_master/rsyncd.conf', max_clients => 100, + sslname => "security-master.debian.org", } } diff --git a/modules/ssl/files/chains/security-master.debian.org.crt b/modules/ssl/files/chains/security-master.debian.org.crt deleted file mode 120000 index 394f127ef..000000000 --- a/modules/ssl/files/chains/security-master.debian.org.crt +++ /dev/null @@ -1 +0,0 @@ -DEBIAN-CA \ No newline at end of file diff --git a/modules/ssl/files/servicecerts/security-master.debian.org.crt b/modules/ssl/files/servicecerts/security-master.debian.org.crt deleted file mode 100644 index 9529472c8..000000000 --- a/modules/ssl/files/servicecerts/security-master.debian.org.crt +++ /dev/null @@ -1,114 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 121 (0x79) - Signature Algorithm: sha1WithRSAEncryption - Issuer: O=Debian, CN=ca.debian.org/emailAddress=debian-admin@debian.org - Validity - Not Before: Apr 3 20:42:24 2015 GMT - Not After : Apr 2 20:42:24 2016 GMT - Subject: O=Debian, CN=security-master.debian.org/emailAddress=debian-admin@debian.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (3072 bit) - Modulus: - 00:e1:c0:c3:93:00:cd:30:21:95:b7:8f:88:71:a3: - ff:69:5f:52:3d:64:c7:ed:1a:3c:9d:b9:07:33:1e: - da:45:89:d8:5b:bf:c9:65:64:fc:ad:37:e7:b3:a4: - 3f:14:6b:ea:71:5f:37:0a:a3:bd:ac:f3:ac:82:18: - 11:b3:5c:18:8c:0c:52:d4:92:5b:60:b6:02:6f:f4: - 30:8a:4d:14:d1:4f:0f:6b:7e:ab:a6:38:3f:9e:fd: - f6:d9:72:ee:d7:b0:cf:8b:59:0b:ca:33:3e:1d:e5: - 1f:e0:f3:ac:4e:b4:03:60:9d:1a:5e:18:c6:3f:91: - 89:bd:8c:79:5f:ad:e1:9c:b3:5e:b2:f7:3d:b0:44: - 5f:20:9b:0a:d5:74:9f:b0:40:df:53:66:bc:ab:c5: - 4d:b1:68:ff:db:0e:ce:9c:4b:cf:1a:b6:76:b8:b3: - 75:7b:fb:0a:de:85:e9:72:08:f2:6d:9e:1e:20:91: - 64:57:93:20:3e:bc:de:69:e4:c7:45:a8:b7:eb:72: - 2a:a3:c3:42:43:ca:78:97:a6:b7:b8:a0:c4:fc:fb: - 4b:ca:6b:82:93:97:6c:92:a4:4a:5a:7b:64:fd:8a: - 06:db:b5:37:e1:7b:3c:0c:24:c8:b0:96:c7:b3:65: - 90:f5:7d:9b:cf:7a:5a:e4:77:fb:81:57:be:1e:4c: - 53:6e:0b:d1:53:0f:c4:d5:3a:0a:bc:19:08:42:ba: - 69:9a:ac:91:8e:10:b3:9a:38:23:d2:cf:18:e5:f8: - a3:5e:76:65:78:92:56:86:1d:ef:c8:d2:88:b5:04: - f2:2c:4f:b1:05:29:d5:79:40:3b:62:23:49:22:e2: - e7:fc:b0:cc:ef:b3:45:74:b3:86:cc:be:db:6a:e8: - 7e:7d:5d:8e:db:15:cf:97:8d:ba:f1:90:b4:3a:d1: - ea:aa:40:93:13:3b:11:0e:8e:08:fe:bb:21:0f:0f: - 00:01:22:d9:8b:bc:0e:11:7e:6e:90:c7:1c:83:2f: - 10:f7:b1:6c:26:df:a1:60:38:df - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 41:48:AC:77:56:FF:18:56:4F:8F:7E:6A:96:26:F6:0D:55:0B:A2:00 - X509v3 Authority Key Identifier: - keyid:A7:CF:4B:FA:5F:12:C6:23:74:2E:9E:A3:95:90:75:8C:CC:26:76:96 - DirName:/C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=hostmaster@spi-inc.org - serial:03 - - Signature Algorithm: sha1WithRSAEncryption - 50:c8:6a:d6:69:f4:75:27:53:e7:27:85:e5:6d:a5:f4:e8:1c: - 5c:99:42:65:eb:ab:9a:cb:1f:0a:71:88:8a:01:03:4d:23:cf: - 11:70:27:a1:b0:1f:4d:ee:d2:81:10:38:af:55:90:c1:bc:ee: - 00:8a:05:aa:ef:1e:ea:0b:28:d3:05:57:ff:c2:6c:61:54:5b: - d9:3d:2e:3d:3e:32:20:62:9a:fd:d1:f0:f7:bc:99:58:b8:95: - 28:35:1d:f7:84:e7:4c:dc:4d:ba:29:1e:a0:3f:c5:29:c0:cb: - 1b:35:df:cc:56:0a:48:45:c7:0b:d5:6b:76:5e:6f:1d:97:3a: - fd:63:a2:bb:d5:f6:84:5d:2d:88:17:f8:9c:ec:1b:68:18:cf: - b1:c4:1b:64:ae:92:cc:17:d8:0b:0c:76:ee:7b:69:27:7a:e0: - 20:f5:69:ac:55:e1:a7:ae:be:57:84:01:91:80:a0:5d:7a:42: - 87:6c:84:ac:5b:45:aa:52:86:66:f5:03:06:a1:d9:2a:94:13: - 82:ce:88:ed:1c:ce:5a:8a:04:d3:27:8f:6e:ec:12:67:d4:4e: - a6:bd:b3:65:dc:32:89:62:28:d6:1a:cb:cf:a7:13:78:06:8b: - 4d:91:be:c4:07:b5:ef:51:0f:18:42:b1:26:ec:3c:db:5c:14: - 62:8f:8f:f0:8b:ca:34:b4:3a:35:c9:e6:e9:40:46:5e:1b:9b: - 5b:bb:61:cd:80:90:65:37:9b:12:d3:c2:02:06:aa:d3:8d:0e: - db:d8:ed:37:d9:32:66:24:cf:e0:ae:65:a8:01:9e:d3:73:8a: - 24:7f:3b:f9:d4:79:e6:d3:3a:db:e8:5d:d5:d7:0d:de:4d:76: - a9:28:71:9c:4f:ae:be:77:7a:23:ec:1a:01:85:42:a5:8e:18: - 84:f1:ff:b9:62:7d:99:c4:32:51:64:8a:a2:8b:dd:b8:7b:62: - 0d:45:20:c3:74:a7:37:4c:49:78:c0:d6:21:53:be:d0:5f:0e: - d1:89:54:cf:12:5f:f6:9f:27:37:1f:cc:f2:e1:c7:b2:9b:d3: - a3:25:68:e5:7d:d4:55:6b:1b:cb:82:23:46:95:9e:16:f0:fa: - 73:ab:51:cb:b3:af:0b:88:b0:f2:40:a0:f2:db:74:8f:01:04: - aa:c3:18:73:b6:7b:eb:22:d7:66:f9:c1:f9:e2:88:73:99:5e: - 9d:70:fc:4f:b3:f2:69:51:c7:0f:07:e3:75:b1:9b:a3:e7:6a: - b1:4b:18:0b:af:2f:99:90:73:73:86:31:c5:7b:18:91:b3:d4: - 5a:07:be:f7:0f:b9:36:1c:ac:93:c5:07:a9:e6:e4:d8:5e:b9: - 6c:79:8d:e8:f5:ec:2b:2c ------BEGIN CERTIFICATE----- -MIIFxjCCA66gAwIBAgIBeTANBgkqhkiG9w0BAQUFADBRMQ8wDQYDVQQKEwZEZWJp -YW4xFjAUBgNVBAMTDWNhLmRlYmlhbi5vcmcxJjAkBgkqhkiG9w0BCQEWF2RlYmlh -bi1hZG1pbkBkZWJpYW4ub3JnMB4XDTE1MDQwMzIwNDIyNFoXDTE2MDQwMjIwNDIy -NFowXjEPMA0GA1UEChMGRGViaWFuMSMwIQYDVQQDExpzZWN1cml0eS1tYXN0ZXIu -ZGViaWFuLm9yZzEmMCQGCSqGSIb3DQEJARYXZGViaWFuLWFkbWluQGRlYmlhbi5v -cmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDhwMOTAM0wIZW3j4hx -o/9pX1I9ZMftGjyduQczHtpFidhbv8llZPytN+ezpD8Ua+pxXzcKo72s86yCGBGz -XBiMDFLUkltgtgJv9DCKTRTRTw9rfqumOD+e/fbZcu7XsM+LWQvKMz4d5R/g86xO -tANgnRpeGMY/kYm9jHlfreGcs16y9z2wRF8gmwrVdJ+wQN9TZryrxU2xaP/bDs6c -S88atna4s3V7+wrehelyCPJtnh4gkWRXkyA+vN5p5MdFqLfrciqjw0JDyniXpre4 -oMT8+0vKa4KTl2ySpEpae2T9igbbtTfhezwMJMiwlsezZZD1fZvPelrkd/uBV74e -TFNuC9FTD8TVOgq8GQhCummarJGOELOaOCPSzxjl+KNedmV4klaGHe/I0oi1BPIs -T7EFKdV5QDtiI0ki4uf8sMzvs0V0s4bMvttq6H59XY7bFc+XjbrxkLQ60eqqQJMT -OxEOjgj+uyEPDwABItmLvA4Rfm6QxxyDLxD3sWwm36FgON8CAwEAAaOCARowggEW -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFEFIrHdW/xhWT49+apYm9g1VC6IAMIHpBgNV -HSMEgeEwgd6AFKfPS/pfEsYjdC6eo5WQdYzMJnaWoYHCpIG/MIG8MQswCQYDVQQG -EwJVUzEQMA4GA1UECBMHSW5kaWFuYTEVMBMGA1UEBxMMSW5kaWFuYXBvbGlzMSgw -JgYDVQQKEx9Tb2Z0d2FyZSBpbiB0aGUgUHVibGljIEludGVyZXN0MRMwEQYDVQQL -Ewpob3N0bWFzdGVyMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJTAj -BgkqhkiG9w0BCQEWFmhvc3RtYXN0ZXJAc3BpLWluYy5vcmeCAQMwDQYJKoZIhvcN -AQEFBQADggIBAFDIatZp9HUnU+cnheVtpfToHFyZQmXrq5rLHwpxiIoBA00jzxFw -J6GwH03u0oEQOK9VkMG87gCKBarvHuoLKNMFV//CbGFUW9k9Lj0+MiBimv3R8Pe8 -mVi4lSg1HfeE50zcTbopHqA/xSnAyxs138xWCkhFxwvVa3Zebx2XOv1jorvV9oRd -LYgX+JzsG2gYz7HEG2SukswX2AsMdu57aSd64CD1aaxV4aeuvleEAZGAoF16Qods -hKxbRapShmb1Awah2SqUE4LOiO0czlqKBNMnj27sEmfUTqa9s2XcMoliKNYay8+n -E3gGi02RvsQHte9RDxhCsSbsPNtcFGKPj/CLyjS0OjXJ5ulARl4bm1u7Yc2AkGU3 -mxLTwgIGqtONDtvY7TfZMmYkz+CuZagBntNziiR/O/nUeebTOtvoXdXXDd5Ndqko -cZxPrr53eiPsGgGFQqWOGITx/7lifZnEMlFkiqKL3bh7Yg1FIMN0pzdMSXjA1iFT -vtBfDtGJVM8SX/afJzcfzPLhx7Kb06MlaOV91FVrG8uCI0aVnhbw+nOrUcuzrwuI -sPJAoPLbdI8BBKrDGHO2e+si12b5wfniiHOZXp1w/E+z8mlRxw8H43Wxm6PnarFL -GAuvL5mQc3OGMcV7GJGz1FoHvvcPuTYcrJPFB6nm5NheuWx5jej17Css ------END CERTIFICATE----- -- 2.20.1