chef: Remove ancient verisign 1024 root cert

diff --git a/cookbooks/chef/recipes/default.rb b/cookbooks/chef/recipes/default.rb
index 91a91001c3d4254e6bfc9db199e7c6688166acb0..99f665541521c5ff1a4926d03e0308909b61d524 100644 (file)
--- a/cookbooks/chef/recipes/default.rb
+++ b/cookbooks/chef/recipes/default.rb
@@ -102,17 +102,9 @@ template "/etc/logrotate.d/chef" do
   mode "644"
 end
 
-directory "/etc/chef/trusted_certs" do
-  owner "root"
-  group "root"
-  mode "755"
-end
-
-template "/etc/chef/trusted_certs/verisign.pem" do
-  source "verisign.pem.erb"
-  owner "root"
-  group "root"
-  mode "644"
+# Remove the ancient verisign certificate workaround
+file "/etc/chef/trusted_certs/verisign.pem" do
+  action :delete
 end
 
 directory node[:ohai][:plugin_dir] do

diff --git a/cookbooks/chef/templates/default/verisign.pem.erb b/cookbooks/chef/templates/default/verisign.pem.erb
deleted file mode 100644 (file)
index d209ab6..0000000
--- a/cookbooks/chef/templates/default/verisign.pem.erb
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
-BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
-I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i
-2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ
-2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ
------END CERTIFICATE-----