From 322bbc987d12820e4882d654bd0013b72818f074 Mon Sep 17 00:00:00 2001 From: Martin Zobel-Helas Date: Wed, 4 Mar 2015 09:53:27 +0000 Subject: [PATCH] SSL certificate for search.debian.org Signed-off-by: Martin Zobel-Helas --- modules/roles/manifests/search_frontend.pp | 3 + modules/ssl/files/chains/search.debian.org | 1 + .../files/servicecerts/search.debian.org.crt | 107 ++++++++++++++++++ 3 files changed, 111 insertions(+) create mode 120000 modules/ssl/files/chains/search.debian.org create mode 100644 modules/ssl/files/servicecerts/search.debian.org.crt diff --git a/modules/roles/manifests/search_frontend.pp b/modules/roles/manifests/search_frontend.pp index 69398ee07..0b37015b8 100644 --- a/modules/roles/manifests/search_frontend.pp +++ b/modules/roles/manifests/search_frontend.pp @@ -4,4 +4,7 @@ class roles::search_frontend { connecthost => 'wolkenstein.debian.org', connectport => 17010, } + ssl::service { 'search.debian.org': + notify => Service['apache2'], + } } diff --git a/modules/ssl/files/chains/search.debian.org b/modules/ssl/files/chains/search.debian.org new file mode 120000 index 000000000..50d224a83 --- /dev/null +++ b/modules/ssl/files/chains/search.debian.org @@ -0,0 +1 @@ +GANDI-2-CA \ No newline at end of file diff --git a/modules/ssl/files/servicecerts/search.debian.org.crt b/modules/ssl/files/servicecerts/search.debian.org.crt new file mode 100644 index 000000000..a2813276c --- /dev/null +++ b/modules/ssl/files/servicecerts/search.debian.org.crt @@ -0,0 +1,107 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 88:fc:04:f1:bd:15:02:30:3c:2e:2b:d4:cc:6c:d6:1c + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 + Validity + Not Before: Mar 4 00:00:00 2015 GMT + Not After : Mar 4 23:59:59 2016 GMT + Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=search.debian.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:f1:b0:01:cb:de:9a:0b:80:26:74:e1:bc:4d:b7: + f0:bd:eb:49:76:d1:f1:34:52:a8:65:18:ff:66:09: + fc:f1:96:60:1d:25:d7:3f:8a:c1:59:82:c6:6d:48: + c2:c0:b3:0f:3f:3d:8f:8e:cb:2c:ab:c8:07:38:91: + 32:0e:03:87:1d:20:16:df:ab:75:08:31:e6:82:f1: + 78:80:52:5c:81:d9:66:15:83:bc:a7:22:99:07:5f: + 79:05:49:57:ef:fc:ee:b5:18:23:5c:09:1a:85:22: + a7:72:12:06:db:ce:15:51:7b:04:2a:33:89:83:99: + 12:ae:c0:f6:8a:21:b7:5b:bd:ee:52:6a:b1:3a:9d: + d9:b5:ac:5e:01:0a:5a:09:eb:b7:ba:d6:90:0e:54: + fa:24:9c:5f:c3:9b:66:09:e6:e6:b6:a7:83:fb:89: + fc:9b:43:d9:76:f2:38:c2:c0:74:20:c8:fe:bc:2f: + 92:45:a2:a6:23:71:b5:65:bc:6c:21:18:99:cd:ee: + 02:04:3a:fb:b8:ab:4b:e3:29:15:83:6c:70:32:b5: + 2f:93:a4:74:ad:7c:51:22:00:16:04:6f:b1:89:20: + 06:f1:2d:be:08:4c:3c:45:d1:00:09:34:0f:c1:3e: + c8:05:96:36:e7:e8:a5:2a:af:38:8d:8a:71:2a:18: + 71:3f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA + + X509v3 Subject Key Identifier: + AF:16:13:71:D2:0F:CF:69:BF:8C:A4:B9:7F:0B:F8:4F:C6:2A:8D:6A + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.6449.1.2.2.26 + CPS: https://cps.usertrust.com + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl + + Authority Information Access: + CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt + OCSP - URI:http://ocsp.usertrust.com + + X509v3 Subject Alternative Name: + DNS:search.debian.org, DNS:www.search.debian.org + Signature Algorithm: sha256WithRSAEncryption + 5b:bd:c1:28:3c:19:63:88:85:50:ba:b8:27:5b:34:ab:cb:01: + 44:72:ed:dd:66:95:57:5d:a9:a1:34:6e:51:d8:9b:42:db:98: + 2d:51:79:ab:e4:c7:6d:00:60:1e:4f:41:a9:d8:3d:ab:4d:77: + 25:b6:97:ef:fe:db:67:09:ae:b2:75:13:a8:42:6c:e6:ed:94: + 95:3f:f7:24:cc:2f:69:1f:13:64:8b:ef:c5:ea:2f:32:a2:91: + 21:46:6f:36:41:b3:0f:6a:d0:b3:21:c4:8e:4e:00:5a:94:a4: + 3a:e9:6d:cb:76:98:26:d1:6e:0c:fa:d2:d3:9d:5d:c7:99:cb: + 09:cc:35:67:ae:85:e8:c3:09:09:9f:dc:ce:67:7f:13:80:bb: + d7:b2:a0:13:59:50:6a:60:21:c9:4a:73:80:15:a0:e3:5c:79: + eb:7c:11:29:51:3b:35:2a:bc:8f:2a:4a:f0:10:e3:e0:f6:50: + ec:5e:c2:03:d2:99:86:3b:bd:65:94:cf:10:5c:7e:52:2f:5b: + 3a:d9:ba:76:dc:cf:d1:8e:67:4f:c2:4f:43:10:6d:01:f6:3a: + 03:d4:b1:5a:a2:46:21:a2:11:f2:62:e0:c2:fc:b3:13:a0:86: + 60:b8:03:44:30:9e:1c:df:be:99:e4:79:dd:fd:99:72:2c:c1: + 3b:a1:e0:de +-----BEGIN CERTIFICATE----- +MIIFAzCCA+ugAwIBAgIRAIj8BPG9FQIwPC4r1Mxs1hwwDQYJKoZIhvcNAQELBQAw +XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO +MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy +MB4XDTE1MDMwNDAwMDAwMFoXDTE2MDMwNDIzNTk1OVowXDEhMB8GA1UECxMYRG9t +YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT +U0wxGjAYBgNVBAMTEXNlYXJjaC5kZWJpYW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA8bABy96aC4AmdOG8TbfwvetJdtHxNFKoZRj/Zgn88ZZg +HSXXP4rBWYLGbUjCwLMPPz2Pjsssq8gHOJEyDgOHHSAW36t1CDHmgvF4gFJcgdlm +FYO8pyKZB195BUlX7/zutRgjXAkahSKnchIG284VUXsEKjOJg5kSrsD2iiG3W73u +UmqxOp3ZtaxeAQpaCeu3utaQDlT6JJxfw5tmCebmtqeD+4n8m0PZdvI4wsB0IMj+ +vC+SRaKmI3G1ZbxsIRiZze4CBDr7uKtL4ykVg2xwMrUvk6R0rXxRIgAWBG+xiSAG +8S2+CEw8RdEACTQPwT7IBZY25+ilKq84jYpxKhhxPwIDAQABo4IBuzCCAbcwHwYD +VR0jBBgwFoAUs5Cn2MmvTs1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFK8WE3HSD89p +v4ykuX8L+E/GKo1qMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEB +AgIaMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYG +Z4EMAQIBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNv +bS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYB +BQUHMAKGMGh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NM +Q0EyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTAz +BgNVHREELDAqghFzZWFyY2guZGViaWFuLm9yZ4IVd3d3LnNlYXJjaC5kZWJpYW4u +b3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBbvcEoPBljiIVQurgnWzSrywFEcu3dZpVX +XamhNG5R2JtC25gtUXmr5MdtAGAeT0Gp2D2rTXcltpfv/ttnCa6ydROoQmzm7ZSV +P/ckzC9pHxNki+/F6i8yopEhRm82QbMPatCzIcSOTgBalKQ66W3Ldpgm0W4M+tLT +nV3HmcsJzDVnroXowwkJn9zOZ38TgLvXsqATWVBqYCHJSnOAFaDjXHnrfBEpUTs1 +KryPKkrwEOPg9lDsXsID0pmGO71llM8QXH5SL1s62bp23M/RjmdPwk9DEG0B9joD +1LFaokYhohHyYuDC/LMToIZguANEMJ4c376Z5Hnd/ZlyLME7oeDe +-----END CERTIFICATE----- -- 2.20.1