From a13971dba2d897bfd8059925aad8fd4c9477788c Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Wed, 12 Oct 2016 14:37:14 +0200 Subject: [PATCH] LE cert for nm, contributors --- modules/roles/manifests/contributors.pp | 2 +- modules/roles/manifests/nm.pp | 2 +- .../files/chains/contributors.debian.org.crt | 1 - modules/ssl/files/chains/nm.debian.org.crt | 1 - .../servicecerts/contributors.debian.org.crt | 118 ------------------ .../ssl/files/servicecerts/nm.debian.org.crt | 118 ------------------ 6 files changed, 2 insertions(+), 240 deletions(-) delete mode 120000 modules/ssl/files/chains/contributors.debian.org.crt delete mode 120000 modules/ssl/files/chains/nm.debian.org.crt delete mode 100644 modules/ssl/files/servicecerts/contributors.debian.org.crt delete mode 100644 modules/ssl/files/servicecerts/nm.debian.org.crt diff --git a/modules/roles/manifests/contributors.pp b/modules/roles/manifests/contributors.pp index 200a6a03f..856b84afe 100644 --- a/modules/roles/manifests/contributors.pp +++ b/modules/roles/manifests/contributors.pp @@ -1,6 +1,6 @@ class roles::contributors { ssl::service { 'contributors.debian.org': notify => Exec['service apache2 reload'], - tlsaport => 0, + key => true, } } diff --git a/modules/roles/manifests/nm.pp b/modules/roles/manifests/nm.pp index c42810d00..3a8ee2fc5 100644 --- a/modules/roles/manifests/nm.pp +++ b/modules/roles/manifests/nm.pp @@ -1,6 +1,6 @@ class roles::nm { ssl::service { 'nm.debian.org': notify => Exec['service apache2 reload'], - tlsaport => 0, + key => true, } } diff --git a/modules/ssl/files/chains/contributors.debian.org.crt b/modules/ssl/files/chains/contributors.debian.org.crt deleted file mode 120000 index 50d224a83..000000000 --- a/modules/ssl/files/chains/contributors.debian.org.crt +++ /dev/null @@ -1 +0,0 @@ -GANDI-2-CA \ No newline at end of file diff --git a/modules/ssl/files/chains/nm.debian.org.crt b/modules/ssl/files/chains/nm.debian.org.crt deleted file mode 120000 index 50d224a83..000000000 --- a/modules/ssl/files/chains/nm.debian.org.crt +++ /dev/null @@ -1 +0,0 @@ -GANDI-2-CA \ No newline at end of file diff --git a/modules/ssl/files/servicecerts/contributors.debian.org.crt b/modules/ssl/files/servicecerts/contributors.debian.org.crt deleted file mode 100644 index 530fff5ed..000000000 --- a/modules/ssl/files/servicecerts/contributors.debian.org.crt +++ /dev/null @@ -1,118 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - a4:67:ec:e8:f0:c3:1c:c9:04:ab:2e:6d:9a:3c:61:7a - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 - Validity - Not Before: Dec 11 00:00:00 2015 GMT - Not After : Jan 20 23:59:59 2017 GMT - Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=contributors.debian.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (3072 bit) - Modulus: - 00:d3:51:7a:8f:18:0c:fe:c0:df:82:fe:e1:81:a6: - c2:68:18:5d:7a:fd:f1:6e:7d:83:12:04:9a:75:cf: - ac:3c:72:06:0f:e8:a2:de:0c:b3:be:02:95:84:ca: - f0:14:25:70:ab:cc:6c:7a:33:01:99:0c:1b:6d:31: - 06:f8:c3:8f:f8:86:a0:18:02:9c:b0:6d:25:32:74: - fa:99:9f:1d:16:ef:ff:e4:23:f1:1e:8c:11:bf:d8: - d2:0d:f1:cc:b8:c5:50:7b:0f:89:bc:4b:74:59:68: - 5d:52:48:40:ef:72:87:c4:d6:78:92:5d:b2:23:40: - 6b:52:bb:a2:a8:64:d3:df:8a:ee:22:57:54:4e:2f: - 1e:39:8e:66:cc:62:98:44:51:cf:71:c4:3d:d2:9c: - 36:17:0c:a7:01:2d:dd:32:df:b0:1e:3f:b0:fc:ef: - c7:6a:6b:ea:d9:e0:7f:ab:b4:0a:3d:89:a6:b3:c9: - 01:02:1c:d5:1e:20:4f:18:e4:04:a7:82:ca:71:02: - bb:5f:51:1c:90:b3:04:77:ea:9e:6e:01:1c:23:3e: - d8:14:b5:86:eb:03:7e:4a:32:25:20:1e:01:52:56: - 2a:1c:b8:cb:47:29:6e:77:40:95:2a:4e:f1:eb:e8: - ab:4b:4a:22:fb:27:dc:92:c7:5d:83:18:16:bd:ec: - b8:f4:89:5e:73:cb:2a:b8:b9:13:f4:87:5a:b2:ac: - e8:86:9f:18:86:78:a7:fe:f6:c4:66:fa:46:4a:3b: - 6f:f5:b6:33:5c:f6:6f:41:0c:f2:7d:b4:7f:9c:0f: - 56:e4:5b:e6:51:57:37:bf:1c:f1:ec:9f:31:55:1f: - ce:26:8d:82:88:99:2b:e1:f4:fb:69:b7:6f:36:5b: - 55:cf:a0:71:8f:82:0f:96:5f:84:39:6f:77:26:2f: - 34:2c:8a:f8:ad:8d:eb:d7:a7:d7:9a:1f:48:f8:40: - 03:1a:f0:da:1a:18:5e:f6:65:cb:43:65:c5:d7:42: - 3b:97:9c:34:88:f6:4f:20:eb:49 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA - - X509v3 Subject Key Identifier: - AE:F2:2B:58:B1:9F:1C:19:38:F2:6B:89:59:C4:F1:AB:E3:09:62:75 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Certificate Policies: - Policy: 1.3.6.1.4.1.6449.1.2.2.26 - CPS: https://cps.usertrust.com - Policy: 2.23.140.1.2.1 - - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl - - Authority Information Access: - CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt - OCSP - URI:http://ocsp.usertrust.com - - X509v3 Subject Alternative Name: - DNS:contributors.debian.org, DNS:www.contributors.debian.org - Signature Algorithm: sha256WithRSAEncryption - 4d:a6:bf:81:81:40:6b:8a:da:e7:12:28:f6:1a:30:18:7b:8d: - bc:d0:b5:f1:25:8d:20:80:98:ab:d5:3d:9f:ae:ae:c3:2b:16: - 5c:c7:a1:af:3e:0a:71:31:e8:af:02:c6:aa:ab:39:55:98:25: - 1c:8c:8e:f9:c3:e6:30:d7:5a:b9:f3:26:3b:9c:fd:b9:a5:9e: - 15:ed:ab:1f:e4:f6:3c:9d:66:1f:6a:7e:0d:2d:9c:3f:da:e0: - 86:30:f4:39:94:29:32:fe:69:f8:3d:d7:72:a7:6d:eb:3a:f0: - a8:a1:28:f7:14:e6:f2:9e:48:24:8a:88:96:cd:19:88:6f:8a: - df:2f:f1:a9:63:ec:d6:1c:a3:5d:22:61:f6:5d:1f:24:b4:80: - 2b:1e:be:65:c8:e1:9f:fd:46:01:d2:38:8f:3e:30:7c:03:c2: - b1:e6:67:7c:66:6b:5e:43:ec:83:a7:54:14:28:fb:60:81:44: - c1:ed:2c:26:9d:7b:a7:6d:ec:28:91:39:0c:a4:14:64:e8:b4: - a9:cb:0f:05:32:62:f3:f3:d3:f8:79:2b:bf:27:5b:af:b1:11: - a7:5a:05:a7:96:07:07:ec:c0:9f:7f:ea:16:64:52:fc:b4:d9: - 9f:5b:96:9d:1a:a0:83:7b:85:7a:3f:f9:95:25:48:99:02:4e: - 79:ea:dc:92 ------BEGIN CERTIFICATE----- -MIIFlTCCBH2gAwIBAgIRAKRn7OjwwxzJBKsubZo8YXowDQYJKoZIhvcNAQELBQAw -XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO -MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy -MB4XDTE1MTIxMTAwMDAwMFoXDTE3MDEyMDIzNTk1OVowYjEhMB8GA1UECxMYRG9t -YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT -U0wxIDAeBgNVBAMTF2NvbnRyaWJ1dG9ycy5kZWJpYW4ub3JnMIIBojANBgkqhkiG -9w0BAQEFAAOCAY8AMIIBigKCAYEA01F6jxgM/sDfgv7hgabCaBhdev3xbn2DEgSa -dc+sPHIGD+ii3gyzvgKVhMrwFCVwq8xsejMBmQwbbTEG+MOP+IagGAKcsG0lMnT6 -mZ8dFu//5CPxHowRv9jSDfHMuMVQew+JvEt0WWhdUkhA73KHxNZ4kl2yI0BrUrui -qGTT34ruIldUTi8eOY5mzGKYRFHPccQ90pw2FwynAS3dMt+wHj+w/O/Hamvq2eB/ -q7QKPYmms8kBAhzVHiBPGOQEp4LKcQK7X1EckLMEd+qebgEcIz7YFLWG6wN+SjIl -IB4BUlYqHLjLRylud0CVKk7x6+irS0oi+yfcksddgxgWvey49Ilec8squLkT9Ida -sqzohp8Yhnin/vbEZvpGSjtv9bYzXPZvQQzyfbR/nA9W5FvmUVc3vxzx7J8xVR/O -Jo2CiJkr4fT7abdvNltVz6Bxj4IPll+EOW93Ji80LIr4rY3r16fXmh9I+EADGvDa -Ghhe9mXLQ2XF10I7l5w0iPZPIOtJAgMBAAGjggHHMIIBwzAfBgNVHSMEGDAWgBSz -kKfYya9OzWE8n3ytXX9B/Wkw6jAdBgNVHQ4EFgQUrvIrWLGfHBk48muJWcTxq+MJ -YnUwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYB -BQUHAwEGCCsGAQUFBwMCMEsGA1UdIAREMEIwNgYLKwYBBAGyMQECAhowJzAlBggr -BgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRydXN0LmNvbTAIBgZngQwBAgEwQQYD -VR0fBDowODA2oDSgMoYwaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0dhbmRpU3Rh -bmRhcmRTU0xDQTIuY3JsMHMGCCsGAQUFBwEBBGcwZTA8BggrBgEFBQcwAoYwaHR0 -cDovL2NydC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRTU0xDQTIuY3J0MCUG -CCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMD8GA1UdEQQ4MDaC -F2NvbnRyaWJ1dG9ycy5kZWJpYW4ub3Jnght3d3cuY29udHJpYnV0b3JzLmRlYmlh -bi5vcmcwDQYJKoZIhvcNAQELBQADggEBAE2mv4GBQGuK2ucSKPYaMBh7jbzQtfEl -jSCAmKvVPZ+ursMrFlzHoa8+CnEx6K8CxqqrOVWYJRyMjvnD5jDXWrnzJjuc/bml -nhXtqx/k9jydZh9qfg0tnD/a4IYw9DmUKTL+afg913Knbes68KihKPcU5vKeSCSK -iJbNGYhvit8v8alj7NYco10iYfZdHyS0gCsevmXI4Z/9RgHSOI8+MHwDwrHmZ3xm -a15D7IOnVBQo+2CBRMHtLCade6dt7CiROQykFGTotKnLDwUyYvPz0/h5K78nW6+x -EadaBaeWBwfswJ9/6hZkUvy02Z9blp0aoIN7hXo/+ZUlSJkCTnnq3JI= ------END CERTIFICATE----- diff --git a/modules/ssl/files/servicecerts/nm.debian.org.crt b/modules/ssl/files/servicecerts/nm.debian.org.crt deleted file mode 100644 index af2994e7c..000000000 --- a/modules/ssl/files/servicecerts/nm.debian.org.crt +++ /dev/null @@ -1,118 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 6e:66:f3:bf:fa:81:51:fa:2d:d7:19:93:b5:98:6e:b0 - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 - Validity - Not Before: Dec 11 00:00:00 2015 GMT - Not After : Jan 20 23:59:59 2017 GMT - Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=nm.debian.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (3072 bit) - Modulus: - 00:ac:af:9a:d3:85:e3:d3:d6:9e:d4:41:d3:ee:46: - d8:0b:94:73:41:7a:43:82:0d:7b:ed:f1:d9:51:42: - dd:e3:91:c2:28:25:d0:e1:6c:ed:91:95:0a:36:a4: - 09:f2:9b:c6:0d:14:c3:c5:f7:72:30:1e:4f:4c:97: - 7b:31:81:a1:5d:80:24:76:20:2b:81:79:d4:d0:51: - 95:10:f4:24:a8:1c:d9:08:76:1e:9e:a6:db:51:c2: - c4:66:27:45:64:7e:28:e0:8b:d2:e0:96:7c:08:da: - 47:c2:7f:d9:49:7f:33:39:80:c8:0c:c0:4e:d3:68: - ec:7f:44:0a:a2:15:92:80:6b:3c:da:38:c0:e0:1a: - 86:b8:7b:7a:86:84:43:55:68:fa:32:af:60:0a:01: - 09:d4:07:47:f3:0c:90:85:f4:95:72:42:5c:7d:a7: - c4:3f:06:a2:44:80:d0:d1:24:0a:b8:c3:81:5a:1b: - 25:fb:e1:55:6b:43:c6:3e:16:b5:de:dc:4e:98:f2: - 1c:a4:0c:7a:51:6d:7f:76:99:c6:70:90:53:33:6e: - 09:80:bd:f3:0d:e4:ce:2c:25:e5:5f:34:48:ed:64: - e6:fd:25:f2:ba:15:1c:f0:e6:12:b2:ef:31:fd:0d: - bd:ee:d8:1b:ef:d4:8f:1d:c6:2a:73:0d:77:30:8f: - 9e:dc:52:6d:85:c0:c9:6f:ec:ef:d1:fe:54:54:1d: - 69:3b:51:95:2c:d3:f2:db:66:80:73:7d:0d:b9:ec: - 4b:45:db:41:d3:d2:a1:90:35:e9:50:20:40:84:b2: - a8:6b:94:1a:9e:70:8f:14:2c:96:32:c4:d3:07:61: - 10:89:82:b1:34:00:0d:33:ae:d3:a3:74:10:86:87: - 4b:ab:bc:a3:16:46:3d:64:83:38:aa:66:02:07:a6: - 87:1b:f0:28:7b:aa:79:a0:14:3f:5a:90:91:54:ed: - f5:48:07:bb:3e:38:36:31:59:17:d7:25:dd:67:b1: - a1:97:d3:33:41:c1:c0:40:c5:71 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA - - X509v3 Subject Key Identifier: - A3:2A:D5:D0:07:FA:55:4D:59:5B:DB:95:C5:42:B2:44:FC:20:2C:A5 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Certificate Policies: - Policy: 1.3.6.1.4.1.6449.1.2.2.26 - CPS: https://cps.usertrust.com - Policy: 2.23.140.1.2.1 - - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl - - Authority Information Access: - CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt - OCSP - URI:http://ocsp.usertrust.com - - X509v3 Subject Alternative Name: - DNS:nm.debian.org, DNS:www.nm.debian.org - Signature Algorithm: sha256WithRSAEncryption - 7d:0f:b6:24:01:f5:c1:89:76:68:2d:f0:e2:94:5c:6b:4e:00: - 8c:c7:66:69:9f:34:c0:5a:15:e7:91:ca:dc:d2:2b:cd:ea:0d: - 49:20:35:3b:62:73:7f:73:68:ec:39:36:ae:9c:a7:28:a0:23: - 42:6b:65:69:8f:d7:e8:f6:fa:f2:d5:f6:4e:d0:20:6f:87:b1: - 6a:15:b9:95:e9:c9:14:bb:e2:0b:3c:24:76:84:6f:a2:ee:83: - 47:a6:a4:94:4c:75:fc:fd:cf:f6:23:8f:a3:f0:3f:4d:9d:ae: - c7:69:fe:44:10:b5:bf:60:ff:10:34:20:68:44:7c:d0:70:8d: - e1:99:9a:f1:99:47:5f:60:b6:50:b9:15:92:3b:f8:ed:a9:15: - 53:58:cb:02:83:b7:99:08:e3:9b:7e:53:e2:7b:86:79:c3:68: - 58:38:61:3f:61:f0:51:29:23:09:cb:b3:3e:d7:c0:1e:04:33: - 38:03:e0:79:54:26:f2:3e:fa:a1:f3:01:15:55:75:4d:9a:8f: - c2:76:42:6d:db:46:b3:1c:df:ee:12:26:8c:ff:23:a0:aa:66: - 85:20:05:51:29:e3:6d:b5:53:3a:3a:c3:21:da:6a:a4:4c:c9: - 09:e6:8c:38:98:2f:ee:f5:89:04:21:ee:c4:82:02:a4:d5:18: - bb:ac:de:58 ------BEGIN CERTIFICATE----- -MIIFdjCCBF6gAwIBAgIQbmbzv/qBUfot1xmTtZhusDANBgkqhkiG9w0BAQsFADBf -MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w -DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw -HhcNMTUxMjExMDAwMDAwWhcNMTcwMTIwMjM1OTU5WjBYMSEwHwYDVQQLExhEb21h -aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT -TDEWMBQGA1UEAxMNbm0uZGViaWFuLm9yZzCCAaIwDQYJKoZIhvcNAQEBBQADggGP -ADCCAYoCggGBAKyvmtOF49PWntRB0+5G2AuUc0F6Q4INe+3x2VFC3eORwigl0OFs -7ZGVCjakCfKbxg0Uw8X3cjAeT0yXezGBoV2AJHYgK4F51NBRlRD0JKgc2Qh2Hp6m -21HCxGYnRWR+KOCL0uCWfAjaR8J/2Ul/MzmAyAzATtNo7H9ECqIVkoBrPNo4wOAa -hrh7eoaEQ1Vo+jKvYAoBCdQHR/MMkIX0lXJCXH2nxD8GokSA0NEkCrjDgVobJfvh -VWtDxj4Wtd7cTpjyHKQMelFtf3aZxnCQUzNuCYC98w3kziwl5V80SO1k5v0l8roV -HPDmErLvMf0Nve7YG+/Ujx3GKnMNdzCPntxSbYXAyW/s79H+VFQdaTtRlSzT8ttm -gHN9DbnsS0XbQdPSoZA16VAgQISyqGuUGp5wjxQsljLE0wdhEImCsTQADTOu06N0 -EIaHS6u8oxZGPWSDOKpmAgemhxvwKHuqeaAUP1qQkVTt9UgHuz44NjFZF9cl3Wex -oZfTM0HBwEDFcQIDAQABo4IBszCCAa8wHwYDVR0jBBgwFoAUs5Cn2MmvTs1hPJ98 -rV1/Qf1pMOowHQYDVR0OBBYEFKMq1dAH+lVNWVvblcVCskT8ICylMA4GA1UdDwEB -/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEBAgIaMCcwJQYIKwYBBQUHAgEWGWh0 -dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYGZ4EMAQIBMEEGA1UdHwQ6MDgwNqA0 -oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0Ey -LmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYBBQUHMAKGMGh0dHA6Ly9jcnQudXNl -cnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNydDAlBggrBgEFBQcwAYYZ -aHR0cDovL29jc3AudXNlcnRydXN0LmNvbTArBgNVHREEJDAigg1ubS5kZWJpYW4u -b3JnghF3d3cubm0uZGViaWFuLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAfQ+2JAH1 -wYl2aC3w4pRca04AjMdmaZ80wFoV55HK3NIrzeoNSSA1O2Jzf3No7Dk2rpynKKAj -QmtlaY/X6Pb68tX2TtAgb4exahW5lenJFLviCzwkdoRvou6DR6aklEx1/P3P9iOP -o/A/TZ2ux2n+RBC1v2D/EDQgaER80HCN4Zma8ZlHX2C2ULkVkjv47akVU1jLAoO3 -mQjjm35T4nuGecNoWDhhP2HwUSkjCcuzPtfAHgQzOAPgeVQm8j76ofMBFVV1TZqP -wnZCbdtGsxzf7hImjP8joKpmhSAFUSnjbbVTOjrDIdpqpEzJCeaMOJgv7vWJBCHu -xIICpNUYu6zeWA== ------END CERTIFICATE----- -- 2.20.1