From c677b4dbb7ab1e378c6154d45815f27526a5adda Mon Sep 17 00:00:00 2001 From: Julien Cristau Date: Sat, 12 Mar 2016 17:57:10 +0100 Subject: [PATCH] Switch piuparts.d.o SSL cert to letsencrypt Signed-off-by: Julien Cristau --- modules/roles/manifests/piuparts.pp | 2 +- .../ssl/files/chains/piuparts.debian.org.crt | 1 - .../servicecerts/piuparts.debian.org.crt | 118 ------------------ 3 files changed, 1 insertion(+), 120 deletions(-) delete mode 120000 modules/ssl/files/chains/piuparts.debian.org.crt delete mode 100644 modules/ssl/files/servicecerts/piuparts.debian.org.crt diff --git a/modules/roles/manifests/piuparts.pp b/modules/roles/manifests/piuparts.pp index eeec705d9..fbd69ef7a 100644 --- a/modules/roles/manifests/piuparts.pp +++ b/modules/roles/manifests/piuparts.pp @@ -1,6 +1,6 @@ class roles::piuparts { ssl::service { 'piuparts.debian.org': notify => Service['apache2'], - tlsaport => 0, + key => true, } } diff --git a/modules/ssl/files/chains/piuparts.debian.org.crt b/modules/ssl/files/chains/piuparts.debian.org.crt deleted file mode 120000 index 50d224a83..000000000 --- a/modules/ssl/files/chains/piuparts.debian.org.crt +++ /dev/null @@ -1 +0,0 @@ -GANDI-2-CA \ No newline at end of file diff --git a/modules/ssl/files/servicecerts/piuparts.debian.org.crt b/modules/ssl/files/servicecerts/piuparts.debian.org.crt deleted file mode 100644 index b5ae9c33b..000000000 --- a/modules/ssl/files/servicecerts/piuparts.debian.org.crt +++ /dev/null @@ -1,118 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 75:ae:7b:37:be:17:c1:4f:27:c5:d3:d8:cc:e1:68:23 - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 - Validity - Not Before: Dec 20 00:00:00 2014 GMT - Not After : Apr 10 23:59:59 2016 GMT - Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=piuparts.debian.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (3072 bit) - Modulus: - 00:ba:8c:a3:23:3c:be:33:25:5b:b0:0f:99:fc:34: - ed:21:b4:1a:9e:24:34:e4:3e:5b:54:cf:3f:51:13: - 8a:b3:68:4c:2f:74:e4:ec:17:32:46:0e:83:5d:a2: - f4:82:52:e9:7f:32:e9:d0:a7:ca:6e:1c:1c:53:cd: - 05:9b:3c:f5:2f:81:b3:c6:d3:ef:c4:a7:e3:16:35: - 96:23:76:32:86:a8:11:f6:2e:c0:30:54:ec:48:a2: - 95:c1:52:47:be:f2:2c:10:16:76:99:e3:66:90:90: - ac:1c:f2:b3:31:be:21:eb:9c:53:e2:b4:aa:b7:72: - 1d:cd:4d:e5:76:f4:19:8a:71:e9:99:52:f6:c8:bd: - 87:72:ed:04:5a:9c:af:e7:3d:46:4a:8a:e1:bb:f3: - 6c:1d:d7:27:a7:ff:2d:8f:8b:ab:ef:69:6c:be:60: - ef:c5:fe:1d:ae:fd:03:c7:81:d3:c8:e1:be:c8:50: - 95:b1:dc:cd:15:f4:2d:39:3d:ec:20:9e:44:33:1d: - 90:73:2b:14:0a:69:a1:66:d3:41:2c:75:69:3e:f3: - 93:52:0f:b2:53:46:eb:7a:03:85:00:de:8a:65:7f: - dc:7a:8c:f4:fd:2a:8f:66:d6:ad:78:d3:6e:0a:77: - 37:7e:84:bf:63:40:1e:c3:0c:37:73:bb:e5:e8:06: - da:ba:fe:52:1b:5e:c2:62:af:a6:35:ea:75:1b:d6: - df:d5:22:67:5f:81:64:46:27:1e:c2:e9:a1:6c:ea: - af:19:80:16:3e:ca:1a:bd:a4:d9:89:ac:ee:42:e3: - 2a:ea:55:eb:fb:a2:8d:92:ee:64:8f:9b:b8:fa:6e: - a6:e0:ba:f4:b1:c9:98:bf:0a:6f:6a:05:84:cc:a7: - ba:2e:be:2a:24:4a:78:08:2d:09:d3:85:e0:dc:6f: - 43:96:11:82:5a:c4:a1:d3:8c:12:f8:06:79:66:0b: - 5e:4f:24:06:35:3a:1f:c6:66:9c:15:c2:ab:fb:f5: - 09:b4:68:4c:b6:87:af:8d:11:eb - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA - - X509v3 Subject Key Identifier: - 8E:CB:0F:25:4A:9D:0E:C0:3B:87:7F:FD:D5:80:EC:7E:36:52:E0:86 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Certificate Policies: - Policy: 1.3.6.1.4.1.6449.1.2.2.26 - CPS: https://cps.usertrust.com - Policy: 2.23.140.1.2.1 - - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl - - Authority Information Access: - CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt - OCSP - URI:http://ocsp.usertrust.com - - X509v3 Subject Alternative Name: - DNS:piuparts.debian.org, DNS:www.piuparts.debian.org - Signature Algorithm: sha256WithRSAEncryption - 8a:97:9b:31:4c:32:39:c2:f7:7b:ed:3b:a6:3c:51:6d:60:ea: - e6:70:fa:5d:dd:3c:e5:2a:5f:dc:cd:ad:3d:d1:c5:62:75:c2: - 29:99:b9:fb:55:de:42:5c:92:5b:c1:94:73:73:f8:3a:c0:fd: - 57:6c:72:cb:3d:34:f2:e9:eb:ca:c5:cd:94:0c:c5:02:6d:6d: - a5:cd:71:b4:ae:3b:22:96:4d:8b:ea:a8:73:5a:e4:ca:c3:dd: - 10:b3:94:f3:6a:89:d5:e6:ef:b7:5f:1e:fc:a1:c1:ae:21:63: - b8:af:a0:5b:89:9f:e8:08:89:db:7e:63:b3:ee:bc:3e:57:c2: - d2:69:43:b0:ab:dc:12:be:2d:67:3b:3a:f8:b7:9c:90:56:49: - 5c:ec:6c:88:3c:fd:4b:57:36:e3:32:ab:3a:2a:9b:4c:d9:cf: - 56:2f:c6:86:83:42:42:dc:96:20:90:e1:33:24:e8:7b:f4:4d: - dc:e7:23:dd:05:d2:ae:36:89:e6:cb:d2:6b:21:ea:6a:a1:86: - 0b:e7:9a:5a:e3:ac:5c:f8:ad:2c:c6:2f:f2:0a:6a:db:fd:f2: - 18:55:93:1f:d5:29:b7:e6:82:07:9d:b4:68:d6:32:83:72:15: - 7d:76:c2:ef:23:e7:e2:44:c5:0d:f1:c5:4c:78:7e:de:c8:b9: - c2:ba:2a:26 ------BEGIN CERTIFICATE----- -MIIFiDCCBHCgAwIBAgIQda57N74XwU8nxdPYzOFoIzANBgkqhkiG9w0BAQsFADBf -MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w -DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw -HhcNMTQxMjIwMDAwMDAwWhcNMTYwNDEwMjM1OTU5WjBeMSEwHwYDVQQLExhEb21h -aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT -TDEcMBoGA1UEAxMTcGl1cGFydHMuZGViaWFuLm9yZzCCAaIwDQYJKoZIhvcNAQEB -BQADggGPADCCAYoCggGBALqMoyM8vjMlW7APmfw07SG0Gp4kNOQ+W1TPP1ETirNo -TC905OwXMkYOg12i9IJS6X8y6dCnym4cHFPNBZs89S+Bs8bT78Sn4xY1liN2Moao -EfYuwDBU7EiilcFSR77yLBAWdpnjZpCQrBzyszG+IeucU+K0qrdyHc1N5Xb0GYpx -6ZlS9si9h3LtBFqcr+c9RkqK4bvzbB3XJ6f/LY+Lq+9pbL5g78X+Ha79A8eB08jh -vshQlbHczRX0LTk97CCeRDMdkHMrFAppoWbTQSx1aT7zk1IPslNG63oDhQDeimV/ -3HqM9P0qj2bWrXjTbgp3N36Ev2NAHsMMN3O75egG2rr+UhtewmKvpjXqdRvW39Ui -Z1+BZEYnHsLpoWzqrxmAFj7KGr2k2Yms7kLjKupV6/uijZLuZI+buPpupuC69LHJ -mL8Kb2oFhMynui6+KiRKeAgtCdOF4NxvQ5YRglrEodOMEvgGeWYLXk8kBjU6H8Zm -nBXCq/v1CbRoTLaHr40R6wIDAQABo4IBvzCCAbswHwYDVR0jBBgwFoAUs5Cn2Mmv -Ts1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFI7LDyVKnQ7AO4d//dWA7H42UuCGMA4G -A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEBAgIaMCcwJQYIKwYBBQUH -AgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYGZ4EMAQIBMEEGA1UdHwQ6 -MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJk -U1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYBBQUHMAKGMGh0dHA6Ly9j -cnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNydDAlBggrBgEF -BQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTA3BgNVHREEMDAughNwaXVw -YXJ0cy5kZWJpYW4ub3Jnghd3d3cucGl1cGFydHMuZGViaWFuLm9yZzANBgkqhkiG -9w0BAQsFAAOCAQEAipebMUwyOcL3e+07pjxRbWDq5nD6Xd085Spf3M2tPdHFYnXC -KZm5+1XeQlySW8GUc3P4OsD9V2xyyz008unrysXNlAzFAm1tpc1xtK47IpZNi+qo -c1rkysPdELOU82qJ1ebvt18e/KHBriFjuK+gW4mf6AiJ235js+68PlfC0mlDsKvc -Er4tZzs6+LeckFZJXOxsiDz9S1c24zKrOiqbTNnPVi/GhoNCQtyWIJDhMyToe/RN -3Ocj3QXSrjaJ5svSayHqaqGGC+eaWuOsXPitLMYv8gpq2/3yGFWTH9Upt+aCB520 -aNYyg3IVfXbC7yPn4kTFDfHFTHh+3si5wroqJg== ------END CERTIFICATE----- -- 2.20.1