Hey folks! I'm wondering whether we have a list of people who requested Fedora Messaging (RabbitMQ) certificates and how to contact them. We're in need to refresh the CA cert, so I need to send the new CA cert to all clients so that they can add it to their trusted certs (append it to the file that [tls]ca_cert points to in the config file). Most of those certs are used by apps in ansible, those are easy, but there are also CentOS and external applications IIRC. I've tried searching our tracker with little success.
If you are using fedora-messaging in the CentOS infra, please respond here. If you are using fedora-messaging outside of the Fedora infra, please respond here. I think those user accounts are "external", please chime in if you recognize one of yours: - coreos - centos-ci - osci-pipelines - copr - copr-be-dev - alt-src (CentOS Stream) - centos-integration - centos-koji - cbs - resultsdb-centos - centos-stream-robosignatory - distrobuildsync-eln - odcs-private-queue - odcs - openqa I think those certs aren't used anymore, if that's not the case please respond here: - gitlab-centos - basset - datagrepper (only datanommer is connected to the bus) - git-hooks (used by dist-git but it's now "pagure") - github2fedmsg (retired) - joystick - mailman3-fedmsg-plugin (renamed to "mailman") - mbs-private-queue - messaging-bridge (retired) - monitor-gating - mts - nuancier (retired) - releng-tools - robosign (renamed to "robosignatory") - sse2fedmsg (retired) - supybot-fedmsg (replaced by maubot) - tag2distrepo - tahrir-api (renamed to "tahrir") - ursabot (replaced by maubot) - zanata2fedmsg (retired) - fedora-messaging-operator - fedora-search - fm-orchestrator - rpminspect - testing-farm I've built this list by looking at issued certs that did not have a matching user creation instruction in our ansible repo, so it may be flawed. It would be great if we had some sort of registry with a contact account or address for each issued cert :-) Once every client is trusting the new CA, we can switch the server certs to the new ones, and then send out the updated client certs. The new combined CA file is available at https://infrastructure.fedoraproject.org/infra/rabbitmq-certs/production/ca.crt (replace "production" with "staging" for the staging one) Am I missing something? Thanks for you attention! Aurélien -- _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
