From: Martin Zobel-Helas
Date: Wed, 1 Jan 2014 10:02:32 +0000 (+0100)
Subject: add more servicecerts
X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=9685548e2ba3b93994cd7eb129537337cb5fceac

add more servicecerts

Signed-off-by: Martin Zobel-Helas
---

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index d0d7c8ef..5ff27291 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -92,6 +92,12 @@ class roles {
 include roles::weblog_destination
 }
 
+ if $::hostname in [vento] {
+ ssl::service { 'vote.debian.org':
+ notify => Service['apache2'],
+ }
+ }
+
 if $::hostname in [soler] {
 ssl::service { 'security-tracker.debian.org':
 notify => Service['apache2'],
diff --git a/modules/ssl/files/chains/vote.debian.org.crt b/modules/ssl/files/chains/vote.debian.org.crt
new file mode 120000
index 00000000..6aaa9147
--- /dev/null
+++ b/modules/ssl/files/chains/vote.debian.org.crt
@@ -0,0 +1 @@
+GANDI-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/vote.debian.org.crt b/modules/ssl/files/servicecerts/vote.debian.org.crt
new file mode 100644
index 00000000..7c962a8d
--- /dev/null
+++ b/modules/ssl/files/servicecerts/vote.debian.org.crt
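Review bot: The new `if $::hostname in [vento]` guard in `modules/roles/manifests/init.pp` picks the node from an agent-reported fact, so the decision to deploy the `vote.debian.org` service certificate rests on a value the client supplies rather than on its authenticated identity. What `ssl::service` installs is not visible in this hunk; if it also places private key material, I would key the condition on the authenticated certname instead, e.g. `if $trusted['certname'] == '<certname of vento>' {`, or move the declaration into that host's node definition. The bareword would also read more safely quoted, `['vento']`. The body of `class roles` starts and ends outside the hunk, and the existing `soler` block shown as context follows the same pattern.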
@@ -0,0 +1,107 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d7:5c:9e:6e:05:e9:48:a1:00:40:91:68:e9:33:a3:3c + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA + Validity + Not Before: Jan 1 00:00:00 2014 GMT + Not After : Jan 1 23:59:59 2015 GMT + Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=vote.debian.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:af:e0:4a:88:35:12:63:4a:8a:0a:15:d9:34:b2: + af:d1:04:cb:9f:00:e2:98:2e:90:42:84:9f:f1:57: + ea:38:bd:7f:9b:f3:f5:a5:3a:68:88:13:38:62:51: + a7:54:91:54:ec:ac:d9:2d:01:c6:f1:5c:4a:bb:95: + 37:fb:84:1a:39:f7:87:5b:19:d6:14:f2:1b:b9:6b: + 39:f7:c3:ec:79:8f:5a:a8:62:41:af:cd:bc:74:16: + e1:59:f8:26:15:78:71:51:be:8c:4a:64:a8:13:7f: + 48:e3:69:bb:74:c6:e4:e8:76:bd:ac:8e:4d:15:52: + a1:2e:fd:81:a8:b5:e4:15:8b:21:ea:ad:63:c2:b3: + 6c:83:4d:2e:da:9c:f4:87:99:2c:70:cd:2e:ab:de: + 53:5d:ae:c2:c7:1c:ef:85:ce:50:6a:a6:e0:70:22: + 49:19:1c:29:c8:4f:5a:e9:39:32:74:05:56:ed:4b: + d9:2c:8a:31:c8:d4:f5:0e:fc:cd:e3:b2:a7:3d:32: + 75:05:b9:98:73:85:47:c4:c0:99:6c:70:f5:ea:c1: + 88:25:2d:83:91:c8:e3:0b:dc:b3:c1:47:79:bd:42: + 25:ba:fb:4e:28:50:88:35:f2:70:e1:df:d3:71:4a: + 5c:31:43:92:9c:00:3a:02:c4:b5:bb:04:c1:64:0d: + 43:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:B6:A8:FF:A2:A8:2F:D0:A6:CD:4B:B1:68:F3:E7:50:10:31:A7:79:21 + + X509v3 Subject Key Identifier: + C8:13:0A:73:FC:98:6B:57:00:1E:E6:D3:80:48:07:24:D0:A4:FC:C8 + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.6449.1.2.2.26 + CPS: http://www.gandi.net/contracts/fr/ssl/cps/pdf/ + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + 
URI:http://crl.gandi.net/GandiStandardSSLCA.crl + + Authority Information Access: + CA Issuers - URI:http://crt.gandi.net/GandiStandardSSLCA.crt + OCSP - URI:http://ocsp.gandi.net + + X509v3 Subject Alternative Name: + DNS:vote.debian.org, DNS:www.vote.debian.org + Signature Algorithm: sha1WithRSAEncryption + a9:1b:37:32:18:db:69:df:4e:91:b9:95:8f:ca:22:fc:3c:b3: + c3:68:60:bb:e6:62:d9:88:b7:0e:4c:3a:c9:c2:b5:46:5b:82: + fa:63:e2:29:da:6b:2c:4f:da:62:44:44:f5:2c:8b:83:70:8f: + ca:0b:37:38:3f:d4:70:bd:d5:da:e8:f0:7b:82:8e:12:c3:6c: + b7:3c:72:a7:75:e6:d0:13:65:72:27:9a:cf:9d:a9:e1:9f:d2: + 90:be:7c:29:7a:21:6f:94:24:26:48:93:ac:65:18:fd:d2:04: + ff:b4:19:c8:01:b4:42:e4:4b:b4:58:8b:78:ed:70:76:2d:f3: + 79:53:4f:c4:19:11:c6:52:b4:db:a7:2e:26:3d:8e:b8:e0:b7: + b5:2a:20:be:d6:7c:af:92:05:e3:a7:38:83:cd:1a:35:1b:5e: + 3b:9a:63:fb:fb:3f:7a:b6:08:d0:9f:95:aa:aa:0f:20:5c:bf: + 03:e0:c2:bc:93:d4:8c:56:2c:24:69:0f:2e:07:7b:1c:9b:c7: + aa:f6:b1:01:61:d4:9b:a1:61:76:6b:e5:4d:0d:d7:ce:45:a8: + 8e:0f:f4:3d:3d:d4:0c:41:ea:33:53:e2:d1:55:89:cd:a8:1a: + 98:25:17:56:15:25:39:bc:d2:ce:51:4d:93:67:2a:e4:f3:20: + 0e:3f:ab:3a +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIRANdcnm4F6UihAECRaOkzozwwDQYJKoZIhvcNAQEFBQAw +QTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR2Fu +ZGkgU3RhbmRhcmQgU1NMIENBMB4XDTE0MDEwMTAwMDAwMFoXDTE1MDEwMTIzNTk1 +OVowWjEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQL +ExJHYW5kaSBTdGFuZGFyZCBTU0wxGDAWBgNVBAMTD3ZvdGUuZGViaWFuLm9yZzCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK/gSog1EmNKigoV2TSyr9EE +y58A4pgukEKEn/FX6ji9f5vz9aU6aIgTOGJRp1SRVOys2S0BxvFcSruVN/uEGjn3 +h1sZ1hTyG7lrOffD7HmPWqhiQa/NvHQW4Vn4JhV4cVG+jEpkqBN/SONpu3TG5Oh2 +vayOTRVSoS79gai15BWLIeqtY8KzbINNLtqc9IeZLHDNLqveU12uwscc74XOUGqm +4HAiSRkcKchPWuk5MnQFVu1L2SyKMcjU9Q78zeOypz0ydQW5mHOFR8TAmWxw9erB +iCUtg5HI4wvcs8FHeb1CJbr7TihQiDXycOHf03FKXDFDkpwAOgLEtbsEwWQNQ3MC +AwEAAaOCAb4wggG6MB8GA1UdIwQYMBaAFLao/6KoL9CmzUuxaPPnUBAxp3khMB0G 
+A1UdDgQWBBTIEwpz/JhrVwAe5tOASAck0KT8yDAOBgNVHQ8BAf8EBAMCBaAwDAYD +VR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYAYDVR0g +BFkwVzBLBgsrBgEEAbIxAQICGjA8MDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3Lmdh +bmRpLm5ldC9jb250cmFjdHMvZnIvc3NsL2Nwcy9wZGYvMAgGBmeBDAECATA8BgNV +HR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmdhbmRpLm5ldC9HYW5kaVN0YW5kYXJk +U1NMQ0EuY3JsMGoGCCsGAQUFBwEBBF4wXDA3BggrBgEFBQcwAoYraHR0cDovL2Ny +dC5nYW5kaS5uZXQvR2FuZGlTdGFuZGFyZFNTTENBLmNydDAhBggrBgEFBQcwAYYV +aHR0cDovL29jc3AuZ2FuZGkubmV0MC8GA1UdEQQoMCaCD3ZvdGUuZGViaWFuLm9y +Z4ITd3d3LnZvdGUuZGViaWFuLm9yZzANBgkqhkiG9w0BAQUFAAOCAQEAqRs3Mhjb +ad9OkbmVj8oi/Dyzw2hgu+Zi2Yi3Dkw6ycK1RluC+mPiKdprLE/aYkRE9SyLg3CP +ygs3OD/UcL3V2ujwe4KOEsNstzxyp3Xm0BNlcieaz52p4Z/SkL58KXohb5QkJkiT +rGUY/dIE/7QZyAG0QuRLtFiLeO1wdi3zeVNPxBkRxlK026cuJj2OuOC3tSogvtZ8 +r5IF46c4g80aNRteO5pj+/s/erYI0J+VqqoPIFy/A+DCvJPUjFYsJGkPLgd7HJvH +qvaxAWHUm6FhdmvlTQ3XzkWojg/0PT3UDEHqM1Pi0VWJzagamCUXVhUlObzSzlFN +k2cq5PMgDj+rOg== +-----END CERTIFICATE----- diff --git a/modules/ssl/files/servicecerts/www.debian.org.crt b/modules/ssl/files/servicecerts/www.debian.org.crt new file mode 100644 index 00000000..5211b613 --- /dev/null +++ b/modules/ssl/files/servicecerts/www.debian.org.crt 
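Review bot: The certificate added in `servicecerts/vote.debian.org.crt` is signed with `sha1WithRSAEncryption` (both `Signature Algorithm` fields in the dump), and the same holds for `servicecerts/www.debian.org.crt` in the following hunk. SHA-1 no longer gives adequate collision resistance for certificate signatures, so I would ask the CA to reissue under a SHA-256 chain before these are served and confirm with `openssl x509 -noout -text` that the field reads `sha256WithRSAEncryption`. Both certificates also expire within a year (`Not After` 1 Jan 2015 and 31 Dec 2014). Nothing in this commit shows how renewal is tracked, so an expiry check covering the two names would be worth adding alongside.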
@@ -0,0 +1,106 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c6:43:4a:cb:04:70:a7:58:91:0f:e1:7d:98:ab:2c:7f + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA + Validity + Not Before: Dec 31 00:00:00 2013 GMT + Not After : Dec 31 23:59:59 2014 GMT + Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=debian.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:be:bc:45:e8:c1:23:ff:76:f2:f1:3b:bb:dd:13: + 0e:f8:eb:da:80:2f:5d:3e:48:0a:db:f4:65:22:dc: + 8c:bd:9a:a4:68:4d:60:4e:a1:fc:fc:f7:0a:27:3b: + 5d:93:5c:a9:4c:13:50:96:b7:af:4c:dd:05:a4:b0: + 35:52:ff:94:fb:61:ab:ca:b5:6a:2b:a3:c1:a8:22: + 9b:27:45:80:8a:88:6f:36:71:da:d5:4e:f8:b6:ec: + 41:a1:b5:77:31:3d:dc:d7:52:f9:51:05:fc:e2:01: + ab:b6:30:6b:f1:68:3c:f3:56:e5:0c:1a:ce:5c:20: + ac:0d:8f:cb:92:07:da:4c:a3:ce:d7:2d:4a:31:89: + a2:6e:a1:0d:28:38:49:30:42:37:68:78:38:2e:a2: + be:f8:ff:9c:78:12:63:a3:9a:94:53:53:4e:23:cf: + 04:12:9f:68:ee:75:3f:bb:9f:8a:38:17:11:75:9c: + d8:d9:aa:18:01:61:17:d8:b7:c5:40:10:02:34:33: + 57:bf:f6:d4:40:d1:33:d7:21:1f:3d:a0:0d:40:f3: + ba:59:41:de:73:3c:69:e3:42:9f:d6:87:c3:c5:97: + 9f:10:bb:0a:b1:3d:9f:ac:55:df:9f:1b:20:8c:85: + 19:88:75:89:49:bc:bf:cf:c8:05:44:da:d3:04:8d: + 92:91 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:B6:A8:FF:A2:A8:2F:D0:A6:CD:4B:B1:68:F3:E7:50:10:31:A7:79:21 + + X509v3 Subject Key Identifier: + FA:B2:E3:4C:6C:7C:9C:17:2A:97:36:4B:A9:56:37:03:24:7C:90:89 + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.6449.1.2.2.26 + CPS: http://www.gandi.net/contracts/fr/ssl/cps/pdf/ + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + 
URI:http://crl.gandi.net/GandiStandardSSLCA.crl + + Authority Information Access: + CA Issuers - URI:http://crt.gandi.net/GandiStandardSSLCA.crt + OCSP - URI:http://ocsp.gandi.net + + X509v3 Subject Alternative Name: + DNS:debian.org, DNS:www.debian.org + Signature Algorithm: sha1WithRSAEncryption + 0c:f3:54:f5:3a:4a:6c:71:df:ae:93:02:81:a8:e2:95:a9:de: + 66:8c:f3:55:22:94:4b:41:4c:88:0d:3e:e2:74:2f:e7:23:8e: + 81:03:ef:f7:0a:29:dc:fc:69:fb:ec:df:23:cd:0d:f7:4e:84: + e0:0a:ae:ae:d5:23:82:ad:5d:40:04:39:62:fc:13:53:d9:ad: + ac:d4:36:54:f1:9a:8b:96:c4:62:d5:6a:6e:16:23:97:d8:2c: + 18:f1:7d:ac:19:82:d5:81:25:59:52:be:53:3b:60:4d:9d:4b: + 24:ab:3d:c9:bb:91:bd:9a:70:53:3a:95:97:30:c8:60:dd:f9: + 60:3f:24:b2:f0:ad:10:69:14:37:76:73:c3:89:ba:a5:43:62: + 56:1a:ee:e9:3c:aa:38:29:f1:73:0c:d4:18:91:54:f7:05:b4: + 6f:4f:f3:2c:10:78:65:72:52:97:46:51:3a:60:b9:ba:e4:b0: + dd:37:cb:35:10:0e:f5:a9:30:73:fb:3c:46:88:5b:53:d2:4b: + 23:8f:41:99:3b:79:fc:b8:cd:40:61:14:32:3e:cb:60:6e:be: + 5b:f5:89:5d:ff:f7:2a:79:0a:29:fb:a5:3b:d1:64:a2:77:cb: + 02:92:b9:ee:fc:9e:fa:23:ca:2e:4d:eb:03:04:3f:45:5e:fc: + 5d:cc:42:7c +-----BEGIN CERTIFICATE----- +MIIE1zCCA7+gAwIBAgIRAMZDSssEcKdYkQ/hfZirLH8wDQYJKoZIhvcNAQEFBQAw +QTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR2Fu +ZGkgU3RhbmRhcmQgU1NMIENBMB4XDTEzMTIzMTAwMDAwMFoXDTE0MTIzMTIzNTk1 +OVowVTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQL +ExJHYW5kaSBTdGFuZGFyZCBTU0wxEzARBgNVBAMTCmRlYmlhbi5vcmcwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+vEXowSP/dvLxO7vdEw7469qAL10+ +SArb9GUi3Iy9mqRoTWBOofz89wonO12TXKlME1CWt69M3QWksDVS/5T7YavKtWor +o8GoIpsnRYCKiG82cdrVTvi27EGhtXcxPdzXUvlRBfziAau2MGvxaDzzVuUMGs5c +IKwNj8uSB9pMo87XLUoxiaJuoQ0oOEkwQjdoeDguor74/5x4EmOjmpRTU04jzwQS +n2judT+7n4o4FxF1nNjZqhgBYRfYt8VAEAI0M1e/9tRA0TPXIR89oA1A87pZQd5z +PGnjQp/Wh8PFl58QuwqxPZ+sVd+fGyCMhRmIdYlJvL/PyAVE2tMEjZKRAgMBAAGj +ggG0MIIBsDAfBgNVHSMEGDAWgBS2qP+iqC/Qps1LsWjz51AQMad5ITAdBgNVHQ4E +FgQU+rLjTGx8nBcqlzZLqVY3AyR8kIkwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB 
+/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGAGA1UdIARZMFcw +SwYLKwYBBAGyMQECAhowPDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5nYW5kaS5u +ZXQvY29udHJhY3RzL2ZyL3NzbC9jcHMvcGRmLzAIBgZngQwBAgEwPAYDVR0fBDUw +MzAxoC+gLYYraHR0cDovL2NybC5nYW5kaS5uZXQvR2FuZGlTdGFuZGFyZFNTTENB +LmNybDBqBggrBgEFBQcBAQReMFwwNwYIKwYBBQUHMAKGK2h0dHA6Ly9jcnQuZ2Fu +ZGkubmV0L0dhbmRpU3RhbmRhcmRTU0xDQS5jcnQwIQYIKwYBBQUHMAGGFWh0dHA6 +Ly9vY3NwLmdhbmRpLm5ldDAlBgNVHREEHjAcggpkZWJpYW4ub3Jngg53d3cuZGVi +aWFuLm9yZzANBgkqhkiG9w0BAQUFAAOCAQEADPNU9TpKbHHfrpMCgajilaneZozz +VSKUS0FMiA0+4nQv5yOOgQPv9wop3Pxp++zfI80N906E4AqurtUjgq1dQAQ5YvwT +U9mtrNQ2VPGai5bEYtVqbhYjl9gsGPF9rBmC1YElWVK+UztgTZ1LJKs9ybuRvZpw +UzqVlzDIYN35YD8ksvCtEGkUN3Zzw4m6pUNiVhru6TyqOCnxcwzUGJFU9wW0b0/z +LBB4ZXJSl0ZROmC5uuSw3TfLNRAO9akwc/s8RohbU9JLI49BmTt5/LjNQGEUMj7L +YG6+W/WJXf/3KnkKKfulO9FkonfLApK57vye+iPKLk3rAwQ/RV78XcxCfA== +-----END CERTIFICATE-----
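Review bot: `servicecerts/www.debian.org.crt` arrives without a matching `ssl::service { 'www.debian.org': ... }` declaration or a `chains/www.debian.org.crt` link in this commit, whereas `vote.debian.org` gets both. If those already exist elsewhere in the tree this is fine. Otherwise the certificate is shipped but never deployed, or it is served without its intermediate and clients that do not fetch the issuer through the AIA URL will fail validation. Note also that the file is named for `www.debian.org` while the subject CN is `debian.org`; both names are in the SAN, so it works, but the next renewal should request the same name set.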