[MediaWiki-commits] [Gerrit] Provision the RapidSSL_SHA256_CA_-_G3 CA - change (operations/puppet)

Wed, 04 Feb 2015 07:26:23 -0800 

Alexandros Kosiaris has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/188562

Change subject: Provision the RapidSSL_SHA256_CA_-_G3 CA
......................................................................

Provision the RapidSSL_SHA256_CA_-_G3 CA

Certificates with a new sub CA RapidSSL_SHA256_CA_-_G3 were added in
e9011dd, 7098ec4, a0879f9 without the actual subCA being provisioned.
This created T88507 and broke functionality of RT queues since
rt-mailergate would fail to push to RT due to certificate verify failed
errors. Provision it

Bug: T88507
Change-Id: I3ccb79051b2544c29d1b95103d2530f398c0dd1d
---
A files/ssl/RapidSSL_SHA256_CA_-_G3.crt
M manifests/certs.pp
2 files changed, 40 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/62/188562/1

diff --git a/files/ssl/RapidSSL_SHA256_CA_-_G3.crt 
b/files/ssl/RapidSSL_SHA256_CA_-_G3.crt
new file mode 100644
index 0000000..f8acd33
--- /dev/null
+++ b/files/ssl/RapidSSL_SHA256_CA_-_G3.crt
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEJTCCAw2gAwIBAgIDAjp3MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYT
+AlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVz
+dCBHbG9iYWwgQ0EwHhcNMTQwODI5MjEzOTMyWhcNMjIwNTIwMjEzOTMyWjBH
+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UE
+AxMXUmFwaWRTU0wgU0hBMjU2IENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCvVJvZWF0eLFbG1eh/9H0WA//Qi1rkjqfdVC7UBMBd
+mJyNkA+8EGVf2prWRHzAn7XpSowLBkMEu/SW4ib2YQGRZjEiwzQ0Xz8/kS9E
+X9zHFLYDn4ZLDqP/oIACg8PTH2lS1p1kD8mD5xvEcKyU58Okaiy9uJ5p2L4K
+jxZjWmhxgHsw3hUEv8zTvz5IBVV6s9cQDAP8m/0Ip4yM26eO8R5j3LMBL3+v
+V8M8SKeDaCGnL+enP/C1DPz1hNFTvA5yT2AMQriYrRmIV9cE7Ie/fodOoyH5
+U/02mEiN1vi7SPIpyGTRzFRIU4uvt2UevykzKdkpYEj4/5G8V1jlNS67abZZ
+AgMBAAGjggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrM
+TjAdBgNVHQ4EFgQUw5zz/NNGCDS7zkZ/oHxb8+IIy1kwEgYDVR0TAQH/BAgw
+BgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCigJoYkaHR0
+cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUFBwEB
+BCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARF
+MEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdl
+b3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBCwUAA4IBAQCj
+WB7GQzKsrC+TeLfqrlRARy1+eI1Q9vhmrNZPc9ZE768LzFvB9E+aj0l+YK/C
+J8cW8fuTgZCpfO9vfm5FlBaEvexJ8cQO9K8EWYOHDyw7l8NaEpt7BDV7o5Uz
+CHuTcSJCs6nZb0+BkvwHtnm8hEqddwnxxYny8LScVKoSew26T++TGezvfU5h
+o452nFnPjJSxhJf3GrkHuLLGTxN5279PURt/aQ1RKsHWFf83UTRlUfQevjhq
+7A6rvz17OQV79PP7GqHQyH5OZI3NjGFVkP46yl0lD/gdo0p0Vk8aVUBwdSWm
+My66S6VdU5oNMOGNX2Esr8zvsJmhgP8L8mJMcCaY
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/manifests/certs.pp b/manifests/certs.pp
index 86dda70..2be3f53 100644
--- a/manifests/certs.pp
+++ b/manifests/certs.pp
@@ -307,6 +307,20 @@
     }
 }
 
+class certificates::rapidssl_sha256_ca_G3 {
+
+    include certificates::base
+
+    file { '/usr/local/share/ca-certificates/RapidSSL_SHA256_CA_-_G3.crt':
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0444',
+        source  => 'puppet:///files/ssl/RapidSSL_SHA256_CA_-_G3.crt',
+        require => Package['openssl'],
+        notify  => Exec['update-ca-certificates'],
+    }
+}
+
 class certificates::digicert_ca {
 
     include certificates::base

-- 
To view, visit https://gerrit.wikimedia.org/r/188562
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I3ccb79051b2544c29d1b95103d2530f398c0dd1d
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to