From dd2820b40a30e076f194a7f08560c3fb6cebae64 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 12 Oct 2016 14:29:49 +0200
Subject: [PATCH] LE cert for rt

---
 modules/roles/manifests/rtmaster.pp           |   2 +-
 modules/ssl/files/chains/rt.debian.org.crt    |   1 -
 .../ssl/files/servicecerts/rt.debian.org.crt  | 118 ------------------
 3 files changed, 1 insertion(+), 120 deletions(-)
 delete mode 120000 modules/ssl/files/chains/rt.debian.org.crt
 delete mode 100644 modules/ssl/files/servicecerts/rt.debian.org.crt

diff --git a/modules/roles/manifests/rtmaster.pp b/modules/roles/manifests/rtmaster.pp
index 0546942b7..ab2b666a0 100644
--- a/modules/roles/manifests/rtmaster.pp
+++ b/modules/roles/manifests/rtmaster.pp
@@ -1,6 +1,6 @@
 class roles::rtmaster {
 	ssl::service { 'rt.debian.org':
 		notify  => Exec['service apache2 reload'],
-		tlsaport => 0,
+		key => true,
 	}
 }
diff --git a/modules/ssl/files/chains/rt.debian.org.crt b/modules/ssl/files/chains/rt.debian.org.crt
deleted file mode 120000
index 50d224a83..000000000
--- a/modules/ssl/files/chains/rt.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/rt.debian.org.crt b/modules/ssl/files/servicecerts/rt.debian.org.crt
deleted file mode 100644
index 546e731d5..000000000
--- a/modules/ssl/files/servicecerts/rt.debian.org.crt
+++ /dev/null
@@ -1,118 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            04:5c:44:66:ac:2f:96:6b:5e:b0:de:a4:c3:e1:2b:66
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Dec 11 00:00:00 2015 GMT
-            Not After : Jan 20 23:59:59 2017 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=rt.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:c6:af:a6:23:dc:3a:de:ff:c7:e0:54:0b:73:b9:
-                    a4:75:e5:aa:ca:0f:60:69:f9:46:5d:89:5f:74:51:
-                    0c:63:ea:9e:64:eb:35:94:9a:82:f4:11:64:48:4d:
-                    db:3d:5f:2a:4a:32:0d:1f:01:e1:94:9e:db:26:8d:
-                    4f:d0:2e:34:a3:b1:62:fa:e9:75:00:be:01:bc:9c:
-                    e7:4e:1c:1f:9d:c3:40:43:f5:9d:bf:db:37:9f:b2:
-                    ba:fb:1e:5e:3c:b1:4c:57:cd:8b:0c:6a:1b:b0:27:
-                    a0:22:bf:a8:8a:8c:dc:25:10:e6:2e:4c:6c:65:fb:
-                    f7:3b:35:9c:e2:6e:5f:3e:d9:00:0a:3a:7c:7d:10:
-                    4d:0e:0b:b7:4d:5c:b3:84:df:8d:c6:a3:84:2c:86:
-                    dc:cb:6a:68:90:5a:16:53:73:79:eb:df:eb:97:b9:
-                    c9:de:fc:5a:81:0a:64:7c:ee:07:93:1f:13:48:90:
-                    0d:d0:fd:3d:25:ba:f2:b7:92:11:fa:67:71:f9:9e:
-                    f6:8d:ce:53:da:ad:d7:16:fe:3b:ff:9e:71:7e:f0:
-                    64:17:e6:33:50:22:b5:37:40:26:0f:39:bb:c5:28:
-                    d8:3c:dc:55:0e:56:a7:6c:bf:a7:c3:db:47:1f:d9:
-                    c0:01:a1:f7:c6:e6:ba:64:ea:ce:5d:9c:ea:1a:e2:
-                    06:33:2c:19:36:a3:a0:43:e5:0a:2e:70:39:31:d4:
-                    1d:68:16:64:6d:a7:e8:28:79:65:9b:4f:64:79:43:
-                    60:69:2c:86:54:9e:fb:a9:48:78:57:ae:1c:0e:75:
-                    50:c6:00:48:50:4d:c1:fb:b3:a1:31:1c:c4:73:f8:
-                    ba:cf:2a:a5:ee:d4:35:d7:8f:a6:fe:6f:84:0f:e8:
-                    b4:e9:b0:41:79:cd:e4:85:3b:fb:86:01:8b:dc:74:
-                    39:f8:30:d5:30:21:00:f2:cb:80:70:20:0e:04:4c:
-                    fe:bd:a2:64:8b:e7:9f:d3:81:5a:dc:ef:09:8c:4f:
-                    71:1b:75:55:a1:4f:c5:6e:32:8f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                5A:6A:1D:2C:6A:A5:A4:E9:08:71:54:FC:67:53:FC:5F:12:DA:04:0B
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:rt.debian.org, DNS:www.rt.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         4b:6d:dd:c0:74:84:6a:22:db:4f:1e:8f:fd:a4:9b:2d:6c:94:
-         1d:99:40:db:68:c2:c9:bd:b0:0a:ff:14:90:2e:cd:d3:7d:07:
-         e6:52:a4:bb:b5:46:5a:57:c7:57:a8:77:f1:b5:cd:9a:79:c4:
-         db:56:2e:2e:1e:1e:e0:a1:ec:7b:fc:be:84:5c:90:55:84:5a:
-         f6:e4:bd:ee:1c:a4:72:88:69:44:ee:62:6e:8d:05:72:2c:df:
-         a1:b6:da:ea:33:d7:96:5f:85:6e:40:a7:19:6a:b1:66:56:04:
-         f3:34:82:5b:10:d1:5a:6c:8b:e1:2c:a8:5d:5d:4a:ce:82:02:
-         5c:5a:2d:4e:89:b5:2e:1c:4d:00:e0:ed:76:9b:df:ce:45:33:
-         ac:3c:0b:0e:71:a1:6f:4e:4d:82:e0:9b:a7:ec:b0:22:3b:27:
-         0e:46:04:e8:4b:d2:2a:6c:55:02:c5:17:31:e3:3d:c4:e5:10:
-         e8:de:bb:86:19:e5:27:ae:d3:75:c0:f5:ab:b5:8c:ad:18:8d:
-         f8:71:58:3c:5f:fa:d9:c8:24:ee:72:73:80:57:a5:a3:84:76:
-         f7:d6:d6:26:7f:e8:2c:2f:62:9c:bd:2e:59:74:95:ec:48:9e:
-         76:e8:6d:0a:7b:0b:b4:91:c2:0b:c6:6c:fb:56:74:5b:aa:2a:
-         25:46:c5:17
------BEGIN CERTIFICATE-----
-MIIFdjCCBF6gAwIBAgIQBFxEZqwvlmtesN6kw+ErZjANBgkqhkiG9w0BAQsFADBf
-MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w
-DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw
-HhcNMTUxMjExMDAwMDAwWhcNMTcwMTIwMjM1OTU5WjBYMSEwHwYDVQQLExhEb21h
-aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT
-TDEWMBQGA1UEAxMNcnQuZGViaWFuLm9yZzCCAaIwDQYJKoZIhvcNAQEBBQADggGP
-ADCCAYoCggGBAMavpiPcOt7/x+BUC3O5pHXlqsoPYGn5Rl2JX3RRDGPqnmTrNZSa
-gvQRZEhN2z1fKkoyDR8B4ZSe2yaNT9AuNKOxYvrpdQC+Abyc504cH53DQEP1nb/b
-N5+yuvseXjyxTFfNiwxqG7AnoCK/qIqM3CUQ5i5MbGX79zs1nOJuXz7ZAAo6fH0Q
-TQ4Lt01cs4TfjcajhCyG3MtqaJBaFlNzeevf65e5yd78WoEKZHzuB5MfE0iQDdD9
-PSW68reSEfpncfme9o3OU9qt1xb+O/+ecX7wZBfmM1AitTdAJg85u8Uo2DzcVQ5W
-p2y/p8PbRx/ZwAGh98bmumTqzl2c6hriBjMsGTajoEPlCi5wOTHUHWgWZG2n6Ch5
-ZZtPZHlDYGkshlSe+6lIeFeuHA51UMYASFBNwfuzoTEcxHP4us8qpe7UNdePpv5v
-hA/otOmwQXnN5IU7+4YBi9x0Ofgw1TAhAPLLgHAgDgRM/r2iZIvnn9OBWtzvCYxP
-cRt1VaFPxW4yjwIDAQABo4IBszCCAa8wHwYDVR0jBBgwFoAUs5Cn2MmvTs1hPJ98
-rV1/Qf1pMOowHQYDVR0OBBYEFFpqHSxqpaTpCHFU/GdT/F8S2gQLMA4GA1UdDwEB
-/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
-BQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEBAgIaMCcwJQYIKwYBBQUHAgEWGWh0
-dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYGZ4EMAQIBMEEGA1UdHwQ6MDgwNqA0
-oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0Ey
-LmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYBBQUHMAKGMGh0dHA6Ly9jcnQudXNl
-cnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNydDAlBggrBgEFBQcwAYYZ
-aHR0cDovL29jc3AudXNlcnRydXN0LmNvbTArBgNVHREEJDAigg1ydC5kZWJpYW4u
-b3JnghF3d3cucnQuZGViaWFuLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAS23dwHSE
-aiLbTx6P/aSbLWyUHZlA22jCyb2wCv8UkC7N030H5lKku7VGWlfHV6h38bXNmnnE
-21YuLh4e4KHse/y+hFyQVYRa9uS97hykcohpRO5ibo0Fcizfobba6jPXll+FbkCn
-GWqxZlYE8zSCWxDRWmyL4SyoXV1KzoICXFotTom1LhxNAODtdpvfzkUzrDwLDnGh
-b05NguCbp+ywIjsnDkYE6EvSKmxVAsUXMeM9xOUQ6N67hhnlJ67TdcD1q7WMrRiN
-+HFYPF/62cgk7nJzgFelo4R299bWJn/oLC9inL0uWXSV7EieduhtCnsLtJHCC8Zs
-+1Z0W6oqJUbFFw==
------END CERTIFICATE-----
-- 
2.20.1