From: Luca Filipozzi <lfilipoz@emyr.net>
Date: Mon, 13 Jan 2014 22:30:12 +0000 (+0000)
Subject: add sip-ws.debian.org certificate
X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=2ea966fb6e16b9422b880e243352b568ad1eb4ce

add sip-ws.debian.org certificate
---

diff --git a/modules/roles/manifests/sip.pp b/modules/roles/manifests/sip.pp
index 324bb15b..6cae95d4 100644
--- a/modules/roles/manifests/sip.pp
+++ b/modules/roles/manifests/sip.pp
@@ -4,6 +4,9 @@ class roles::sip {
 	ssl::service { 'www.debian.org':
 	}
 
+	ssl::service { 'sip-ws.debian.org':
+	}
+
 	concat { '/etc/ssl/debian/certs/www.debian.org-chained.crt':
 	}
 	concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt':
@@ -19,6 +22,21 @@ class roles::sip {
 		require     => File['/etc/ssl/debian/certs/www.debian.org.crt-chain']
 	}
 
+	concat { '/etc/ssl/debian/certs/sip-ws.debian.org-chained.crt':
+	}
+	concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt':
+		target      => '/etc/ssl/debian/certs/sip-ws.debian.org-chained.crt',
+		source      => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt',
+		order       => 00,
+		require     => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt']
+	}
+	concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain':
+		target      => '/etc/ssl/debian/certs/sip-ws.debian.org-chained.crt',
+		source      => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt-chain',
+		order       => 99,
+		require     => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain']
+	}
+
 	@ferm::rule { 'dsa-sip-ws-ip4':
 		domain      => 'ip',
 		description => 'SIP connections (WebSocket; for WebRTC)',
diff --git a/modules/ssl/files/chains/sip-ws.debian.org.crt b/modules/ssl/files/chains/sip-ws.debian.org.crt
new file mode 120000
index 00000000..6aaa9147
--- /dev/null
+++ b/modules/ssl/files/chains/sip-ws.debian.org.crt
@@ -0,0 +1 @@
+GANDI-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/sip-ws.debian.org.crt b/modules/ssl/files/servicecerts/sip-ws.debian.org.crt
new file mode 100644
index 00000000..4f5ecb32
--- /dev/null
+++ b/modules/ssl/files/servicecerts/sip-ws.debian.org.crt
@@ -0,0 +1,107 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            43:36:c3:ba:2c:f3:14:63:3a:a6:fd:4a:8e:30:5f:e9
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA
+        Validity
+            Not Before: Jan 13 00:00:00 2014 GMT
+            Not After : Jan 13 23:59:59 2015 GMT
+        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=sip-ws.debian.org
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c7:fc:3e:73:ae:e7:f0:59:c1:7d:9f:af:dc:f7:
+                    2f:e5:3f:06:4d:6f:7b:52:e4:4a:20:a6:fa:90:05:
+                    94:9b:3a:a5:48:5c:df:4f:c6:85:3c:99:3b:38:5f:
+                    2b:fc:36:83:f5:d8:03:dd:40:0e:e0:fb:a1:9b:9d:
+                    f3:9e:c8:29:ac:1d:f3:65:e4:32:ad:1c:b8:28:57:
+                    f4:4b:92:ec:31:82:a5:77:67:69:f8:16:03:71:59:
+                    f1:80:d0:32:15:dd:9f:d0:1d:7a:49:e2:3e:6c:b4:
+                    2a:e5:a6:72:f6:45:9f:8b:7a:d5:fd:a5:a4:b5:fa:
+                    f5:af:7c:98:e4:0a:e5:46:7b:d7:47:45:90:af:fd:
+                    d9:2d:75:8a:82:40:27:cc:11:5e:94:24:78:b9:ac:
+                    83:df:5e:94:a3:44:24:7d:83:25:b8:96:a1:c4:02:
+                    0d:84:50:69:91:e2:9a:bd:90:df:81:db:1b:aa:e3:
+                    56:86:51:a3:94:77:c4:d6:3a:83:60:03:e8:5c:93:
+                    74:bf:74:11:14:3b:78:e4:01:b9:c1:49:c7:0b:6f:
+                    bc:43:26:91:eb:31:7c:e7:34:99:4b:50:72:14:d9:
+                    6d:f9:60:35:a0:f8:bd:8b:90:82:dc:35:00:50:bc:
+                    f0:bb:c7:ae:0c:6e:4f:ef:74:b2:03:e8:13:c8:4a:
+                    98:67
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                keyid:B6:A8:FF:A2:A8:2F:D0:A6:CD:4B:B1:68:F3:E7:50:10:31:A7:79:21
+
+            X509v3 Subject Key Identifier: 
+                96:FE:90:9F:68:D6:A5:49:9B:45:0B:B0:79:A0:B5:19:FD:A7:A9:39
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.6449.1.2.2.26
+                  CPS: http://www.gandi.net/contracts/fr/ssl/cps/pdf/
+                Policy: 2.23.140.1.2.1
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://crl.gandi.net/GandiStandardSSLCA.crl
+
+            Authority Information Access: 
+                CA Issuers - URI:http://crt.gandi.net/GandiStandardSSLCA.crt
+                OCSP - URI:http://ocsp.gandi.net
+
+            X509v3 Subject Alternative Name: 
+                DNS:sip-ws.debian.org, DNS:www.sip-ws.debian.org
+    Signature Algorithm: sha1WithRSAEncryption
+         76:21:ed:92:68:4f:7c:65:1d:24:6f:35:06:5c:1e:c9:3f:9d:
+         78:8c:fc:f7:2a:f1:af:86:93:f6:75:ca:a2:02:a5:8d:f0:8c:
+         00:88:6a:3c:b0:e5:99:d9:10:24:88:04:e0:af:73:a1:7d:da:
+         1d:a4:6c:35:a3:b8:a6:66:74:9a:4c:8a:6c:87:1c:54:12:68:
+         19:cd:f9:08:60:c8:ff:06:24:81:8b:c7:da:a9:a6:05:09:55:
+         3d:74:88:75:df:d8:38:58:9d:47:2f:e6:67:e3:5d:41:a0:f8:
+         88:0d:5b:95:2b:95:1f:a7:f5:46:05:7a:0b:7e:f1:7e:f0:17:
+         9f:08:25:30:89:68:f6:0c:86:54:96:ae:c6:86:42:e2:8e:25:
+         62:c7:34:45:74:e4:64:dd:ba:8d:3d:ea:f8:6e:d5:de:63:82:
+         34:17:01:e0:e2:92:91:1e:fe:61:98:42:8d:11:aa:7a:64:5c:
+         f2:b6:bd:ac:8c:88:6c:be:b3:7f:1d:84:ec:45:47:d7:d8:7b:
+         55:dc:e0:50:8b:b5:a4:ee:e1:b0:d9:df:51:4c:dc:0e:50:40:
+         c0:80:df:92:b3:a0:a6:38:99:00:a8:33:96:8c:3b:88:fd:5f:
+         14:34:3c:c8:05:91:42:8c:42:3a:39:e0:a6:68:22:42:e9:48:
+         75:86:bc:bb
+-----BEGIN CERTIFICATE-----
+MIIE6zCCA9OgAwIBAgIQQzbDuizzFGM6pv1KjjBf6TANBgkqhkiG9w0BAQUFADBB
+MQswCQYDVQQGEwJGUjESMBAGA1UEChMJR0FOREkgU0FTMR4wHAYDVQQDExVHYW5k
+aSBTdGFuZGFyZCBTU0wgQ0EwHhcNMTQwMTEzMDAwMDAwWhcNMTUwMTEzMjM1OTU5
+WjBcMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsT
+EkdhbmRpIFN0YW5kYXJkIFNTTDEaMBgGA1UEAxMRc2lwLXdzLmRlYmlhbi5vcmcw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH/D5zrufwWcF9n6/c9y/l
+PwZNb3tS5EogpvqQBZSbOqVIXN9PxoU8mTs4Xyv8NoP12APdQA7g+6GbnfOeyCms
+HfNl5DKtHLgoV/RLkuwxgqV3Z2n4FgNxWfGA0DIV3Z/QHXpJ4j5stCrlpnL2RZ+L
+etX9paS1+vWvfJjkCuVGe9dHRZCv/dktdYqCQCfMEV6UJHi5rIPfXpSjRCR9gyW4
+lqHEAg2EUGmR4pq9kN+B2xuq41aGUaOUd8TWOoNgA+hck3S/dBEUO3jkAbnBSccL
+b7xDJpHrMXznNJlLUHIU2W35YDWg+L2LkILcNQBQvPC7x64Mbk/vdLID6BPISphn
+AgMBAAGjggHCMIIBvjAfBgNVHSMEGDAWgBS2qP+iqC/Qps1LsWjz51AQMad5ITAd
+BgNVHQ4EFgQUlv6Qn2jWpUmbRQuweaC1Gf2nqTkwDgYDVR0PAQH/BAQDAgWgMAwG
+A1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGAGA1Ud
+IARZMFcwSwYLKwYBBAGyMQECAhowPDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5n
+YW5kaS5uZXQvY29udHJhY3RzL2ZyL3NzbC9jcHMvcGRmLzAIBgZngQwBAgEwPAYD
+VR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5nYW5kaS5uZXQvR2FuZGlTdGFuZGFy
+ZFNTTENBLmNybDBqBggrBgEFBQcBAQReMFwwNwYIKwYBBQUHMAKGK2h0dHA6Ly9j
+cnQuZ2FuZGkubmV0L0dhbmRpU3RhbmRhcmRTU0xDQS5jcnQwIQYIKwYBBQUHMAGG
+FWh0dHA6Ly9vY3NwLmdhbmRpLm5ldDAzBgNVHREELDAqghFzaXAtd3MuZGViaWFu
+Lm9yZ4IVd3d3LnNpcC13cy5kZWJpYW4ub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQB2
+Ie2SaE98ZR0kbzUGXB7JP514jPz3KvGvhpP2dcqiAqWN8IwAiGo8sOWZ2RAkiATg
+r3OhfdodpGw1o7imZnSaTIpshxxUEmgZzfkIYMj/BiSBi8faqaYFCVU9dIh139g4
+WJ1HL+Zn411BoPiIDVuVK5Ufp/VGBXoLfvF+8BefCCUwiWj2DIZUlq7GhkLijiVi
+xzRFdORk3bqNPer4btXeY4I0FwHg4pKRHv5hmEKNEap6ZFzytr2sjIhsvrN/HYTs
+RUfX2HtV3OBQi7Wk7uGw2d9RTNwOUEDAgN+Ss6CmOJkAqDOWjDuI/V8UNDzIBZFC
+jEI6OeCmaCJC6Uh1hry7
+-----END CERTIFICATE-----