[MediaWiki-commits] [Gerrit] ishmael.wikimedia.org to use its own cert, not wildcard - change (operations/puppet)

RobH (Code Review) Mon, 24 Feb 2014 15:19:26 -0800

RobH has submitted this change and it was merged.

Change subject: ishmael.wikimedia.org to use its own cert, not wildcard
......................................................................



ishmael.wikimedia.org to use its own cert, not wildcard

Setting ishmael.wikimedia.org to install and use its own cert, rather
than the wildcard

Change-Id: Id5f19522f1927a28e5099579d3494fa67c5fb02f
RT: 6732
---
A files/ssl/ishmael.wikimedia.org.pem
M manifests/role/ishmael.pp
M modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
3 files changed, 34 insertions(+), 2 deletions(-)

Approvals:
  RobH: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/files/ssl/ishmael.wikimedia.org.pem 
b/files/ssl/ishmael.wikimedia.org.pem
new file mode 100644
index 0000000..5ee85c6
--- /dev/null
+++ b/files/ssl/ishmael.wikimedia.org.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFMDCCBBigAwIBAgIDEOLnMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEUMBIGA1UEAxMLUmFwaWRTU0wgQ0Ew
+HhcNMTQwMjIyMjMxNTAzWhcNMTUwMjI2MTkyMzQ2WjCBxDEpMCcGA1UEBRMgMEhj
+U0RDZlBaMFRuZTl4TEN4VDZ2RzhjR2M2VUxvb2kxEzARBgNVBAsTCkdUMTgyODQz
+MTUxMTAvBgNVBAsTKFNlZSB3d3cucmFwaWRzc2wuY29tL3Jlc291cmNlcy9jcHMg
+KGMpMTQxLzAtBgNVBAsTJkRvbWFpbiBDb250cm9sIFZhbGlkYXRlZCAtIFJhcGlk
+U1NMKFIpMR4wHAYDVQQDExVpc2htYWVsLndpa2ltZWRpYS5vcmcwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC144qrhl0YcppwjdiZw4jkmqoA0TSx4eh/
+lxM4tCGmlkamk97EpoerziwpRR3k+QnltCIfvKNdX/uwR4PvmVXnpe0o6zmTAuhe
+48d/l82xQc1/aHePKtWJdBpwPH8an32toUO6f8JJS1B7Ell3FJ3tEmHW834Z68w5
+b0bUZShMSds40yvHahGgMkgD69dHAJ9c1TP3m2Y6u4358iaV6ihpIc/KeqM/ACOK
+p/aLzePGEZdDshsNPHUai6V5DASNWqBjcJqUSVv5xruCJomhqDyTxKUkYzr+E72D
+Jtu8se8u22yQl7uRDw/7Df1siMtN89KFT73UPyZ7vLV/7NTmHw2PAgMBAAGjggGw
+MIIBrDAfBgNVHSMEGDAWgBRraT1qGEJK3Y8CZTn9NSSGeJEWMDAOBgNVHQ8BAf8E
+BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCAGA1UdEQQZMBeC
+FWlzaG1hZWwud2lraW1lZGlhLm9yZzBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8v
+cmFwaWRzc2wtY3JsLmdlb3RydXN0LmNvbS9jcmxzL3JhcGlkc3NsLmNybDAdBgNV
+HQ4EFgQU4sKeuAKRUzv1KuM5zLwEoEUaE6UwDAYDVR0TAQH/BAIwADB4BggrBgEF
+BQcBAQRsMGowLQYIKwYBBQUHMAGGIWh0dHA6Ly9yYXBpZHNzbC1vY3NwLmdlb3Ry
+dXN0LmNvbTA5BggrBgEFBQcwAoYtaHR0cDovL3JhcGlkc3NsLWFpYS5nZW90cnVz
+dC5jb20vcmFwaWRzc2wuY3J0MEwGA1UdIARFMEMwQQYKYIZIAYb4RQEHNjAzMDEG
+CCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3Bz
+MA0GCSqGSIb3DQEBBQUAA4IBAQA2AKUcWFC3YlcjD1/Es7YgPwgbZrQ345MAuI3k
+wS+uNCGP64FZZsIwYKl48iuhc9J199ZLmiAOqZ+qX9C3JpPko34Hlhh+E9+ER81a
+K9IFXCKLwAUlJjRmxwG7bbKauhNtogmgN7Vf6UQVsX0J2462VOvh78aqvmcFl1uE
++VX5vlQfuh2ojN69Qxb9CN5YIF8l5ZQyNpwvwUQkwHrzzeBpzinHiUEYVD8qNjdY
+KL9A/AzEdQFzov6VHd7ikO28X1zqspIUsBQ5+222Ep1ws8bapQUUwLQT0dW/shGn
+61LLOtu56IfaC7ekNDrn7HU1vM4trV+MJp6UhQj9vKM87HpS
+-----END CERTIFICATE-----
diff --git a/manifests/role/ishmael.pp b/manifests/role/ishmael.pp
index 8a5a4cd..ba5f09e 100644
--- a/manifests/role/ishmael.pp
+++ b/manifests/role/ishmael.pp
@@ -4,6 +4,8 @@
 
     system::role { 'role::ishmael': description => 'ishmael server' }
 
+    install_certificate{ 'ishmael.wikimedia.org': ca => 'RapidSSL_CA.pem' }
+
     class { '::ishmael':
         site_name     => 'ishmael.wikimedia.org',
         config_main   => '/srv/ishmael/conf.php',
diff --git a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb 
b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
index 795736a..3bf43ef 100644
--- a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
+++ b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
@@ -10,8 +10,8 @@
        SSLProtocol -ALL +SSLv3 +TLSv1
        SSLCipherSuite 
AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA
        SSLHonorCipherOrder on
-       SSLCertificateFile /etc/ssl/private/star.wikimedia.org.pem
-       SSLCertificateKeyFile /etc/ssl/private/star.wikimedia.org.key
+       SSLCertificateFile /etc/ssl/private/ishmael.wikimedia.org.pem
+       SSLCertificateKeyFile /etc/ssl/private/ishmael.wikimedia.org.key
        SSLCACertificateFile /etc/ssl/certs/RapidSSL_CA.pem
        DocumentRoot <%= @docroot %>
 

-- 
To view, visit https://gerrit.wikimedia.org/r/115318
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Id5f19522f1927a28e5099579d3494fa67c5fb02f
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: RobH <r...@wikimedia.org>
Gerrit-Reviewer: RobH <r...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] ishmael.wikimedia.org to use its own cert, not wildcard - change (operations/puppet)

Reply via email to