From 322bbc987d12820e4882d654bd0013b72818f074 Mon Sep 17 00:00:00 2001
From: Martin Zobel-Helas <zobel@debian.org>
Date: Wed, 4 Mar 2015 09:53:27 +0000
Subject: [PATCH] SSL certificate for search.debian.org

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
---
 modules/roles/manifests/search_frontend.pp    |   3 +
 modules/ssl/files/chains/search.debian.org    |   1 +
 .../files/servicecerts/search.debian.org.crt  | 107 ++++++++++++++++++
 3 files changed, 111 insertions(+)
 create mode 120000 modules/ssl/files/chains/search.debian.org
 create mode 100644 modules/ssl/files/servicecerts/search.debian.org.crt

diff --git a/modules/roles/manifests/search_frontend.pp b/modules/roles/manifests/search_frontend.pp
index 69398ee07..0b37015b8 100644
--- a/modules/roles/manifests/search_frontend.pp
+++ b/modules/roles/manifests/search_frontend.pp
@@ -4,4 +4,7 @@ class roles::search_frontend {
 		connecthost => 'wolkenstein.debian.org',
 		connectport => 17010,
 	}
+	ssl::service { 'search.debian.org':
+		notify => Service['apache2'],
+	}
 }
diff --git a/modules/ssl/files/chains/search.debian.org b/modules/ssl/files/chains/search.debian.org
new file mode 120000
index 000000000..50d224a83
--- /dev/null
+++ b/modules/ssl/files/chains/search.debian.org
@@ -0,0 +1 @@
+GANDI-2-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/search.debian.org.crt b/modules/ssl/files/servicecerts/search.debian.org.crt
new file mode 100644
index 000000000..a2813276c
--- /dev/null
+++ b/modules/ssl/files/servicecerts/search.debian.org.crt
@@ -0,0 +1,107 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            88:fc:04:f1:bd:15:02:30:3c:2e:2b:d4:cc:6c:d6:1c
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
+        Validity
+            Not Before: Mar  4 00:00:00 2015 GMT
+            Not After : Mar  4 23:59:59 2016 GMT
+        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=search.debian.org
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:f1:b0:01:cb:de:9a:0b:80:26:74:e1:bc:4d:b7:
+                    f0:bd:eb:49:76:d1:f1:34:52:a8:65:18:ff:66:09:
+                    fc:f1:96:60:1d:25:d7:3f:8a:c1:59:82:c6:6d:48:
+                    c2:c0:b3:0f:3f:3d:8f:8e:cb:2c:ab:c8:07:38:91:
+                    32:0e:03:87:1d:20:16:df:ab:75:08:31:e6:82:f1:
+                    78:80:52:5c:81:d9:66:15:83:bc:a7:22:99:07:5f:
+                    79:05:49:57:ef:fc:ee:b5:18:23:5c:09:1a:85:22:
+                    a7:72:12:06:db:ce:15:51:7b:04:2a:33:89:83:99:
+                    12:ae:c0:f6:8a:21:b7:5b:bd:ee:52:6a:b1:3a:9d:
+                    d9:b5:ac:5e:01:0a:5a:09:eb:b7:ba:d6:90:0e:54:
+                    fa:24:9c:5f:c3:9b:66:09:e6:e6:b6:a7:83:fb:89:
+                    fc:9b:43:d9:76:f2:38:c2:c0:74:20:c8:fe:bc:2f:
+                    92:45:a2:a6:23:71:b5:65:bc:6c:21:18:99:cd:ee:
+                    02:04:3a:fb:b8:ab:4b:e3:29:15:83:6c:70:32:b5:
+                    2f:93:a4:74:ad:7c:51:22:00:16:04:6f:b1:89:20:
+                    06:f1:2d:be:08:4c:3c:45:d1:00:09:34:0f:c1:3e:
+                    c8:05:96:36:e7:e8:a5:2a:af:38:8d:8a:71:2a:18:
+                    71:3f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
+
+            X509v3 Subject Key Identifier: 
+                AF:16:13:71:D2:0F:CF:69:BF:8C:A4:B9:7F:0B:F8:4F:C6:2A:8D:6A
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.6449.1.2.2.26
+                  CPS: https://cps.usertrust.com
+                Policy: 2.23.140.1.2.1
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
+
+            Authority Information Access: 
+                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
+                OCSP - URI:http://ocsp.usertrust.com
+
+            X509v3 Subject Alternative Name: 
+                DNS:search.debian.org, DNS:www.search.debian.org
+    Signature Algorithm: sha256WithRSAEncryption
+         5b:bd:c1:28:3c:19:63:88:85:50:ba:b8:27:5b:34:ab:cb:01:
+         44:72:ed:dd:66:95:57:5d:a9:a1:34:6e:51:d8:9b:42:db:98:
+         2d:51:79:ab:e4:c7:6d:00:60:1e:4f:41:a9:d8:3d:ab:4d:77:
+         25:b6:97:ef:fe:db:67:09:ae:b2:75:13:a8:42:6c:e6:ed:94:
+         95:3f:f7:24:cc:2f:69:1f:13:64:8b:ef:c5:ea:2f:32:a2:91:
+         21:46:6f:36:41:b3:0f:6a:d0:b3:21:c4:8e:4e:00:5a:94:a4:
+         3a:e9:6d:cb:76:98:26:d1:6e:0c:fa:d2:d3:9d:5d:c7:99:cb:
+         09:cc:35:67:ae:85:e8:c3:09:09:9f:dc:ce:67:7f:13:80:bb:
+         d7:b2:a0:13:59:50:6a:60:21:c9:4a:73:80:15:a0:e3:5c:79:
+         eb:7c:11:29:51:3b:35:2a:bc:8f:2a:4a:f0:10:e3:e0:f6:50:
+         ec:5e:c2:03:d2:99:86:3b:bd:65:94:cf:10:5c:7e:52:2f:5b:
+         3a:d9:ba:76:dc:cf:d1:8e:67:4f:c2:4f:43:10:6d:01:f6:3a:
+         03:d4:b1:5a:a2:46:21:a2:11:f2:62:e0:c2:fc:b3:13:a0:86:
+         60:b8:03:44:30:9e:1c:df:be:99:e4:79:dd:fd:99:72:2c:c1:
+         3b:a1:e0:de
+-----BEGIN CERTIFICATE-----
+MIIFAzCCA+ugAwIBAgIRAIj8BPG9FQIwPC4r1Mxs1hwwDQYJKoZIhvcNAQELBQAw
+XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO
+MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy
+MB4XDTE1MDMwNDAwMDAwMFoXDTE2MDMwNDIzNTk1OVowXDEhMB8GA1UECxMYRG9t
+YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT
+U0wxGjAYBgNVBAMTEXNlYXJjaC5kZWJpYW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA8bABy96aC4AmdOG8TbfwvetJdtHxNFKoZRj/Zgn88ZZg
+HSXXP4rBWYLGbUjCwLMPPz2Pjsssq8gHOJEyDgOHHSAW36t1CDHmgvF4gFJcgdlm
+FYO8pyKZB195BUlX7/zutRgjXAkahSKnchIG284VUXsEKjOJg5kSrsD2iiG3W73u
+UmqxOp3ZtaxeAQpaCeu3utaQDlT6JJxfw5tmCebmtqeD+4n8m0PZdvI4wsB0IMj+
+vC+SRaKmI3G1ZbxsIRiZze4CBDr7uKtL4ykVg2xwMrUvk6R0rXxRIgAWBG+xiSAG
+8S2+CEw8RdEACTQPwT7IBZY25+ilKq84jYpxKhhxPwIDAQABo4IBuzCCAbcwHwYD
+VR0jBBgwFoAUs5Cn2MmvTs1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFK8WE3HSD89p
+v4ykuX8L+E/GKo1qMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEB
+AgIaMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYG
+Z4EMAQIBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNv
+bS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYB
+BQUHMAKGMGh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NM
+Q0EyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTAz
+BgNVHREELDAqghFzZWFyY2guZGViaWFuLm9yZ4IVd3d3LnNlYXJjaC5kZWJpYW4u
+b3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBbvcEoPBljiIVQurgnWzSrywFEcu3dZpVX
+XamhNG5R2JtC25gtUXmr5MdtAGAeT0Gp2D2rTXcltpfv/ttnCa6ydROoQmzm7ZSV
+P/ckzC9pHxNki+/F6i8yopEhRm82QbMPatCzIcSOTgBalKQ66W3Ldpgm0W4M+tLT
+nV3HmcsJzDVnroXowwkJn9zOZ38TgLvXsqATWVBqYCHJSnOAFaDjXHnrfBEpUTs1
+KryPKkrwEOPg9lDsXsID0pmGO71llM8QXH5SL1s62bp23M/RjmdPwk9DEG0B9joD
+1LFaokYhohHyYuDC/LMToIZguANEMJ4c376Z5Hnd/ZlyLME7oeDe
+-----END CERTIFICATE-----
-- 
2.20.1