FWIW, deb.d.o runs on a custom LE cert, not on a wildcard, so you can't really compare that. And cdn-fastly.deb.debian.org (which is the "real" Fastly host apt hits) does not have SSL enabled at all.
On Mon, Nov 20, 2017 at 11:58 AM, Greg Sutcliffe <[email protected]> wrote: > On 20/11/17 10:08, Lukas Zapletal wrote: >> Great, thanks. Before moving on, I'd check if yum/deb accepts these >> kind of certificates. I *think* so, but I've heard from security guys >> they don't like these certs at all :-) > > Thanks for the heads up, good to know. I believe Fastly is used by the > Debian repos themselves, so I *think* it's OK, but we can check. We can > always choose not to use their certificate if we want, we have > LetsEncrypt setup on that node anyway... > > Evgeni and I will take a look at this today - Neil, maybe I'll ping you > later in the week if we get stuck :) > > Greg > > -- > You received this message because you are subscribed to the Google Groups > "foreman-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- Beste Grüße/Kind regards, Evgeni Golov Software Engineer ________________________________________________________________________ Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- You received this message because you are subscribed to the Google Groups "foreman-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
