From: Luca Filipozzi <lfilipoz@emyr.net>
Date: Fri, 17 Jan 2014 20:14:45 +0000 (+0000)
Subject: deploy ssl certificate for rtc.debian.org
X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=46c07fe6439fb40dc9bfcbe3a20aa9bb2030396a

deploy ssl certificate for rtc.debian.org
---

diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
index a7c7a31a..f6e56b63 100644
--- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
+++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
@@ -10,7 +10,7 @@ Use common-static-vhost-with-extra network-test.debian.org "ServerAlias network-
 Use common-static-vhost-with-extra blends.debian.org "ServerAlias blends-backend.debian.org"
 Use common-static-vhost-with-extra wnpp-by-tags.debian.net "ServerAlias wnpp-by-tags-backend.debian.org"
 Use common-static-vhost-ssl dsa.debian.org
-Use common-static-vhost rtc.debian.org
+Use common-static-vhost-ssl rtc.debian.org
 
 # www.backports.org is the historical place for the backports
 # website and archive.  It is now a CNAME to backports.debian.org:
diff --git a/modules/ssl/files/chains/rtc.debian.org.crt b/modules/ssl/files/chains/rtc.debian.org.crt
new file mode 120000
index 00000000..6aaa9147
--- /dev/null
+++ b/modules/ssl/files/chains/rtc.debian.org.crt
@@ -0,0 +1 @@
+GANDI-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/rtc.debian.org.crt b/modules/ssl/files/servicecerts/rtc.debian.org.crt
new file mode 100644
index 00000000..e54fa782
--- /dev/null
+++ b/modules/ssl/files/servicecerts/rtc.debian.org.crt
@@ -0,0 +1,107 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            dd:fa:27:0f:cb:b1:3e:0e:6b:4e:6c:d0:43:91:91:eb
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA
+        Validity
+            Not Before: Jan 17 00:00:00 2014 GMT
+            Not After : Jan 17 23:59:59 2015 GMT
+        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=rtc.debian.org
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e3:6a:5b:34:c0:96:42:4f:87:0a:9c:a7:a0:74:
+                    e0:cc:b3:d3:52:7a:e6:9c:69:cf:15:51:98:ad:db:
+                    c6:38:d6:a7:3e:10:98:3b:d8:4f:8a:41:e8:87:6e:
+                    3d:86:0c:21:32:62:85:cf:3b:03:10:15:35:3f:d7:
+                    f2:4e:13:bc:9e:fa:84:77:35:dd:b8:99:8b:ab:d3:
+                    b2:c8:4e:48:9b:8d:d3:87:eb:03:0a:32:a2:6c:42:
+                    01:3d:1e:3b:68:64:5c:4f:bd:cd:14:cb:4f:f8:8f:
+                    f3:ee:d0:00:bf:58:e3:fb:88:ac:27:b9:88:87:e7:
+                    12:ed:d9:fd:7c:b4:2f:73:e7:a4:de:a0:94:38:bd:
+                    16:ff:9c:1c:1e:d3:b8:ad:03:f1:f2:83:ec:dc:11:
+                    76:78:e3:b5:90:26:4d:aa:16:66:d1:6d:af:d1:be:
+                    62:c9:83:ef:3f:c4:3e:4c:c1:13:a7:34:0a:25:06:
+                    12:55:cf:1f:12:28:5c:20:c5:37:6f:e4:c0:52:00:
+                    29:b8:58:c2:59:1e:7d:7b:66:f6:fe:e0:ca:44:58:
+                    0c:1a:85:a0:91:c2:dc:30:cd:58:57:89:aa:27:7e:
+                    56:86:2f:d3:45:7d:c4:87:63:25:f1:ae:42:c4:21:
+                    76:5a:01:75:fd:83:ac:f6:d0:18:9d:fc:61:2e:d7:
+                    be:79
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                keyid:B6:A8:FF:A2:A8:2F:D0:A6:CD:4B:B1:68:F3:E7:50:10:31:A7:79:21
+
+            X509v3 Subject Key Identifier: 
+                32:0E:97:22:93:39:6B:8D:EF:A0:0B:B5:F3:1E:3D:CF:03:C2:BD:7E
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.6449.1.2.2.26
+                  CPS: http://www.gandi.net/contracts/fr/ssl/cps/pdf/
+                Policy: 2.23.140.1.2.1
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://crl.gandi.net/GandiStandardSSLCA.crl
+
+            Authority Information Access: 
+                CA Issuers - URI:http://crt.gandi.net/GandiStandardSSLCA.crt
+                OCSP - URI:http://ocsp.gandi.net
+
+            X509v3 Subject Alternative Name: 
+                DNS:rtc.debian.org, DNS:www.rtc.debian.org
+    Signature Algorithm: sha1WithRSAEncryption
+         6c:a3:66:21:c0:7f:49:33:55:76:2a:15:c3:3a:ba:f8:cf:05:
+         59:3e:62:2f:bf:b3:e5:63:f6:5c:6d:4f:bd:75:26:2e:ce:e7:
+         2c:1a:be:66:41:99:20:24:cc:41:7d:6b:7c:db:34:33:c1:42:
+         11:23:2a:6d:91:50:1c:a6:b5:dd:c3:64:98:a9:7f:bf:b5:ff:
+         e9:64:07:e8:4b:5b:c2:cf:88:51:7e:08:8b:70:93:56:57:f7:
+         bc:19:f0:88:68:31:89:e9:6a:12:6d:82:bd:35:fb:5d:80:2b:
+         6b:e9:f8:1c:29:5c:7a:60:9a:33:10:da:94:db:71:03:e1:72:
+         a4:05:31:a8:57:2f:83:65:58:32:bd:50:48:af:72:f0:bc:44:
+         cd:b2:1d:69:e9:3d:00:9b:14:3f:cf:16:34:74:b6:cc:40:2b:
+         80:c4:4e:82:09:64:75:56:87:2b:6c:16:98:eb:d0:e8:19:d6:
+         c9:1c:1e:cc:b9:d5:8c:95:08:6c:94:ba:a2:fa:7b:ee:aa:88:
+         70:dc:38:bc:06:f4:e7:1c:a9:d8:d2:ee:83:21:99:5c:6c:32:
+         41:b9:6e:a6:f9:9a:86:0c:53:d9:41:89:01:07:a8:f9:7b:12:
+         5d:16:f8:ac:9b:0d:51:3f:fc:50:f4:87:51:c4:67:e5:4e:b2:
+         05:53:33:a3
+-----BEGIN CERTIFICATE-----
+MIIE4zCCA8ugAwIBAgIRAN36Jw/LsT4Oa05s0EORkeswDQYJKoZIhvcNAQEFBQAw
+QTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR2Fu
+ZGkgU3RhbmRhcmQgU1NMIENBMB4XDTE0MDExNzAwMDAwMFoXDTE1MDExNzIzNTk1
+OVowWTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQL
+ExJHYW5kaSBTdGFuZGFyZCBTU0wxFzAVBgNVBAMTDnJ0Yy5kZWJpYW4ub3JnMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42pbNMCWQk+HCpynoHTgzLPT
+UnrmnGnPFVGYrdvGONanPhCYO9hPikHoh249hgwhMmKFzzsDEBU1P9fyThO8nvqE
+dzXduJmLq9OyyE5Im43Th+sDCjKibEIBPR47aGRcT73NFMtP+I/z7tAAv1jj+4is
+J7mIh+cS7dn9fLQvc+ek3qCUOL0W/5wcHtO4rQPx8oPs3BF2eOO1kCZNqhZm0W2v
+0b5iyYPvP8Q+TMETpzQKJQYSVc8fEihcIMU3b+TAUgApuFjCWR59e2b2/uDKRFgM
+GoWgkcLcMM1YV4mqJ35Whi/TRX3Eh2Ml8a5CxCF2WgF1/YOs9tAYnfxhLte+eQID
+AQABo4IBvDCCAbgwHwYDVR0jBBgwFoAUtqj/oqgv0KbNS7Fo8+dQEDGneSEwHQYD
+VR0OBBYEFDIOlyKTOWuN76ALtfMePc8Dwr1+MA4GA1UdDwEB/wQEAwIFoDAMBgNV
+HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBgBgNVHSAE
+WTBXMEsGCysGAQQBsjEBAgIaMDwwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZ2Fu
+ZGkubmV0L2NvbnRyYWN0cy9mci9zc2wvY3BzL3BkZi8wCAYGZ4EMAQIBMDwGA1Ud
+HwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuZ2FuZGkubmV0L0dhbmRpU3RhbmRhcmRT
+U0xDQS5jcmwwagYIKwYBBQUHAQEEXjBcMDcGCCsGAQUFBzAChitodHRwOi8vY3J0
+LmdhbmRpLm5ldC9HYW5kaVN0YW5kYXJkU1NMQ0EuY3J0MCEGCCsGAQUFBzABhhVo
+dHRwOi8vb2NzcC5nYW5kaS5uZXQwLQYDVR0RBCYwJIIOcnRjLmRlYmlhbi5vcmeC
+End3dy5ydGMuZGViaWFuLm9yZzANBgkqhkiG9w0BAQUFAAOCAQEAbKNmIcB/STNV
+dioVwzq6+M8FWT5iL7+z5WP2XG1PvXUmLs7nLBq+ZkGZICTMQX1rfNs0M8FCESMq
+bZFQHKa13cNkmKl/v7X/6WQH6Etbws+IUX4Ii3CTVlf3vBnwiGgxielqEm2CvTX7
+XYAra+n4HClcemCaMxDalNtxA+FypAUxqFcvg2VYMr1QSK9y8LxEzbIdaek9AJsU
+P88WNHS2zEArgMROgglkdVaHK2wWmOvQ6BnWyRwezLnVjJUIbJS6ovp77qqIcNw4
+vAb05xyp2NLugyGZXGwyQblupvmahgxT2UGJAQeo+XsSXRb4rJsNUT/8UPSHUcRn
+5U6yBVMzow==
+-----END CERTIFICATE-----