From: Tom Hughes Date: Mon, 23 Feb 2015 10:36:29 +0000 (+0000) Subject: Add osmfoundation.org certificate X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/b44875cc22941c94de364788fa03b369d74902c9 Add osmfoundation.org certificate --- diff --git a/cookbooks/civicrm/recipes/default.rb b/cookbooks/civicrm/recipes/default.rb index 7865752e3..33005cb03 100644 --- a/cookbooks/civicrm/recipes/default.rb +++ b/cookbooks/civicrm/recipes/default.rb @@ -17,7 +17,7 @@ # limitations under the License. # -node.default[:ssl][:certificates] = node[:ssl][:certificates] | ["crm.osmfoundation"] +node.default[:ssl][:certificates] = node[:ssl][:certificates] | ["osmfoundation"] include_recipe "wordpress" include_recipe "mysql" @@ -39,7 +39,8 @@ end wordpress_site "crm.osmfoundation.org" do ssl_enabled true - ssl_certificate "crm.osmfoundation" + ssl_certificate "osmfoundation" + ssl_certificate_chain "startcom" database_name "civicrm" database_user "civicrm" database_password database_password diff --git a/cookbooks/ssl/files/default/crm.osmfoundation.pem b/cookbooks/ssl/files/default/crm.osmfoundation.pem deleted file mode 100644 index 36261979a..000000000 --- a/cookbooks/ssl/files/default/crm.osmfoundation.pem +++ /dev/null 
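Review bot: Setting `ssl_certificate "osmfoundation"` on the `wordpress_site` block replaces a certificate scoped to crm.osmfoundation.org with the shared one added in this commit, whose subject appears to be `*.osmfoundation.org` with many additional names. The matching private key therefore has to live on this WordPress/CiviCRM host, so a compromise of that host would expose a key valid for the other names as well. If that is intended, record it next to the setting, e.g. `# shared wildcard certificate: its key is valid for other foundation sites, keep key access on this host restricted`; otherwise a dedicated certificate for this host keeps the exposure contained. The `wordpress_site` block continues outside the hunk.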
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFATCCAumgAwIBAgIDAlJkMA0GCSqGSIb3DQEBCwUAMFQxFDASBgNVBAoTC0NB -Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV -BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTQxMjE2MTIwODIxWhcNMTYxMjE1 -MTIwODIxWjAgMR4wHAYDVQQDExVjcm0ub3NtZm91bmRhdGlvbi5vcmcwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5UVvmSjwN7x03au9xudnXAdK6Hjzr -bnKpSZMLjmjZGdrtJELRl0/xkbk984A4SufMm5TtdrehBinjug7my9BZocyCAscW -RTe3O3S6i+LQaKQe+2CtzVAx4fZSIznE4VCSFB5pRgpaffXQMr1aXTGGoODjet4T -3hEUzVg0WwymbLh62eN4aIFvCLtN3U4+7l8UhZD5LDYDjU1wsE80yX+z96/6s0OY -3T85bgNg7u/qMKczY9FlWY8Rz+ORcDElMO+tATq89+tcvuYBNIAfaqH2H49+Y5Lh -LTKeotMuJyZwJInUsDtryY/QsPltEWbkiR0xbSpzTgK8R9HIbRORAfxDAgMBAAGj -ggEOMIIBCjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIDqDA0BgNVHSUELTAr -BggrBgEFBQcDAgYIKwYBBQUHAwEGCWCGSAGG+EIEAQYKKwYBBAGCNwoDAzAzBggr -BgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcv -MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9jbGFzczMt -cmV2b2tlLmNybDBFBgNVHREEPjA8ghVjcm0ub3NtZm91bmRhdGlvbi5vcmegIwYI -KwYBBQUHCAWgFwwVY3JtLm9zbWZvdW5kYXRpb24ub3JnMA0GCSqGSIb3DQEBCwUA -A4ICAQA7OZ1BHDxvKFZzmhjUnrtaCMus9vTwenq4b3ml4WZHpVOMPUe6wmm9cvRf -UdzbZ8EPFvTkXgxJrRSAqSwbcwtOTyy4IIRR1CjrfHQHc/Gx/GRlc4sUFSHDGFH3 -bcwAUfOPTE741G+ir+1yltakfAoRWbf7wJWFaFIzJjSsEYbx9x4eoeeU+J0vGLHT -1yXty57WWtclH1UoSte+1dqec0Gj949DOgMczygeiC25VrNyEnHw8SZudLLNDQIX -4GNd0n02gKzyjipG4bRPXlyjfARF3OxZr/A2jgOzcAwPJmVWmORckpw5fWtTf1Kj -D2cFgNRjzdHnGX1R77PdtXqsEPnap6f1W74H+PT3s1vIkqwT+meRqQITeIxAsu2B -Ytk2ogRgWcqosb+SU4pQwvL/BeQocCdWZLt5wIkAuJjUvtVRl2WDJu+4ODT0Fjq0 -tveXh1C5uZAKPtTo97osvK9YsLVCwfrz+qTAUlVnZXBekmLsX8YslNdMP00P44oP -zSdv2jEu1oFJR28epu77wz85WWo6Dam18xsSA8LE2ZPmi+xyCGuBTBpaP7yTCarh -jOqt/dWOeWSgtXFmzGvhHet+k7bzzyITMHxBrSyIl+T97h50tbY1UB0x5vx6bU9F -0izvC+d5RULNW240ZMsbcPx983USj9+4dUAJ5P9FMqtWcqWYLQ== ------END CERTIFICATE----- diff --git a/cookbooks/ssl/files/default/osmfoundation.pem b/cookbooks/ssl/files/default/osmfoundation.pem new file mode 100644 index 000000000..fae368848 
--- /dev/null
+++ b/cookbooks/ssl/files/default/osmfoundation.pem
@@ -0,0 +1,49 @@ +-----BEGIN CERTIFICATE----- +MIIIzDCCB7SgAwIBAgIHBsLao8VPUzANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UE +BhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBE +aWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENs +YXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMB4XDTE1MDIyMTAz +MDg1OFoXDTE3MDIyMTAwNDk1OFowgacxCzAJBgNVBAYTAkdCMRMwEQYDVQQIEwpC +aXJtaW5naGFtMRkwFwYDVQQHExBTdXR0b24gQ29sZGZpZWxkMSEwHwYDVQQKExhP +cGVuU3RyZWV0TWFwIEZvdW5kYXRpb24xHDAaBgNVBAMUEyoub3NtZm91bmRhdGlv +bi5vcmcxJzAlBgkqhkiG9w0BCQEWGGFkbWluc0BvcGVuc3RyZWV0bWFwLm9yZzCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJuxe5wR46CZT0V6j6mTiRf2 +14sK3tPuYsd88RplllgPpBFBBgbXaQHye/65b+TBKTwi1gaOFl9dwwa//Zo0iser +rz+vO2/NKVnJVfZoP6X3TOGMGAssHxWsaPVaD/Kju91B6oC+8XlN3US2Pyzizt6M +C7SqS31xd8xyKjgStqflvP3Wc8Xz0cjvAi/K32O2FbgNgslQHCFM5AY+B5BG5+7S +fgRetFbpPukmCX153DlaZEV9cYHAk6Qho+4RyOxuIrSoWl/vIl3oOT2MSjqogJRm +tiM+zAUYoZpuuG8fieyIFAmaFsuK7wb/ZBPgoVlG2K9v79aM9w97K70Ri4t+5SMC +AwEAAaOCBRQwggUQMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdJQQWMBQG +CCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUYRF/TPT7QpZHP10ciyUfzpmZ +5nUwHwYDVR0jBBgwFoAUEdsjRf1UzGpxb4SKA9e+9wEvJoYwggJOBgNVHREEggJF +MIICQYITKi5vc21mb3VuZGF0aW9uLm9yZ4IRb3NtZm91bmRhdGlvbi5vcmeCEW9w +ZW5zdHJlZXRtYXAub3JnghZibG9nLm9wZW5zdHJlZXRtYXAub3Jnggdvc20ub3Jn +ggxibG9nLm9zbS5vcmeCFmJsb2cub3NtZm91bmRhdGlvbi5vcmeCDnN3aXRjaDJv +c20ub3JnghFzdGF0ZW9mdGhlbWFwLmNvbYIPb3Blbmdlb2RhdGEub3JnghFzdGF0 +ZW9mdGhlbWFwLm9yZ4IZdGhpbmt1cC5vcGVuc3RyZWV0bWFwLm9yZ4IPdGhpbmt1 +cC5vc20ub3JnghZvdHJzLm9wZW5zdHJlZXRtYXAub3JnggxvdHJzLm9zbS5vcmeC +HGZvdW5kYXRpb24ub3BlbnN0cmVldG1hcC5vcmeCEmZvdW5kYXRpb24ub3NtLm9y +Z4ITKi5zdGF0ZW9mdGhlbWFwLmNvbYITKi5zdGF0ZW9mdGhlbWFwLm9yZ4IQKi5z +d2l0Y2gyb3NtLm9yZ4IOc3dpdGNoMm9zbS5jb22CECouc3dpdGNoMm9zbS5jb22C +Em9wZW5zdHJlZXRtYXBzLm9yZ4IXYmxvZy5vcGVuc3RyZWV0bWFwcy5vcmeCEW9w +ZW5zdHJlZXRtYXAuY29tghZibG9nLm9wZW5zdHJlZXRtYXAuY29tghEqLm9wZW5n +ZW9kYXRhLm9yZ4IRb3BlbnN0cmVldG1hcC5uZXSCFmJsb2cub3BlbnN0cmVldG1h 
+cC5uZXQwggFWBgNVHSAEggFNMIIBSTAIBgZngQwBAgIwggE7BgsrBgEEAYG1NwEC +AzCCASowLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGlj +eS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRpZmljYXRpb24g +QXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj +b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9m +IHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBp +bnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFy +dHkgb2JsaWdhdGlvbnMuMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9jcmwuc3Rh +cnRzc2wuY29tL2NydDItY3JsLmNybDCBjgYIKwYBBQUHAQEEgYEwfzA5BggrBgEF +BQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczIvc2VydmVy +L2NhMEIGCCsGAQUFBzAChjZodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9z +dWIuY2xhc3MyLnNlcnZlci5jYS5jcnQwIwYDVR0SBBwwGoYYaHR0cDovL3d3dy5z +dGFydHNzbC5jb20vMA0GCSqGSIb3DQEBCwUAA4IBAQAfe1P5cQXxgiaT2kNBIkCF +LVIu8UCZnpkipshwuL8+TXQ0HGUC10Mw/sg6bSAMkBhtE7ffypBlgmI49FHmekae +eAwygd1uubzInmtrXWhpNmQ3M4W53RJlOeU98TMkJiUcqx2kqBFyYbvT2G6u2nxQ +6U9ytr2VZF59iQ9tE9hDM+aqVPjMQdk45TKdraDu1MW0Q/zRPBp+FLn7+nl83Zdd +HEk0+GC4+fU4L5luprtmlkSESA2+beQ613OzKcwYMfClPCRTTooJbgK1OShRCgYm +gqEPJj20V0So8A1pTcLB2VQ68Fwrj5ckqJrjXN1djneWcnIFzEG9UvJlCKxd2pPc +-----END CERTIFICATE----- diff --git a/cookbooks/ssl/files/default/startcom.pem b/cookbooks/ssl/files/default/startcom.pem new file mode 100644 index 000000000..dbaeda6ad --- /dev/null +++ b/cookbooks/ssl/files/default/startcom.pem 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF2TCCA8GgAwIBAgIHHKs2Ry2cUTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG +EwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp +Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDcxMDE0MjA1NzA5WhcNMjIxMDE0MjA1 +NzA5WjCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzAp +BgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNV +BAMTL1N0YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVy +IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k85L6GMmoWtCA4I +PlfyiAEhG5SpbOK426oZGEY6UqH1D/RujOqWjJaHeRNAUS8i8gyLhw9l33F0NENV +sTUJm9m8H/rrQtCXQHK3Q5Y9upadXVACHJuRjZzArNe7LxfXyz6CnXPrB0KSss1k +s3RVG7RLhiEs93iHMuAW5Nq9TJXqpAp+tgoNLorPVavD5d1Bik7mb2VsskDPF125 +w2oLJxGEd2H2wnztwI14FBiZgZl1Y7foU9O6YekO+qIw80aiuckfbIBaQKwn7UhH +M7BUxkYa8zVhwQIpkFR+ZE3EMFICgtffziFuGJHXuKuMJxe18KMBL47SLoc6PbQp +Z4rEAwIDAQABo4IBTDCCAUgwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E +BAMCAQYwHQYDVR0OBBYEFBHbI0X9VMxqcW+EigPXvvcBLyaGMB8GA1UdIwQYMBaA +FE4L7xqkQFulF2mHMMo0aEPQQa7yMGkGCCsGAQUFBwEBBF0wWzAnBggrBgEFBQcw +AYYbaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL2NhMDAGCCsGAQUFBzAChiRodHRw +Oi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9jYS5jcnQwMgYDVR0fBCswKTAnoCWg +I4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMEMGA1UdIAQ8MDow +OAYEVR0gADAwMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9w +b2xpY3kucGRmMA0GCSqGSIb3DQEBCwUAA4ICAQBSyb3zvcv566LEMsqGcvzPv6cw +tf2R99WB4SEErQBM/+mLJ9r/8iTN/B8Pf9LR5YGSI3gW7msDLp0ASE+ugmUuh2/u +agdfS1Zu95ZGQebd/kW5Yiqainbprb3Wc7O8MSvQLNVsa7xqOiWHqailDdeF8Wxs +BQ70wWjLuyqBWKU+mcSf9x+EjqB60U3buAGcDYE0yoL+I2JNP22kUsBMXvJpSLHy +36xEZGmwRinHrfDywJ1oI4qoZ3EiF77OiXp2vlRsk1yL8Bpuru2OrsIFrhNX5rnn +cMgzuJ79SjDjmNQTa+5Ouebs387qoJ52apeq6t80RUL12k3Wh3Zt/85phnqBX9uy +T86w4GdgOUSwRRCFZZcSed/Ul9h4IQyEmM67T2sPGdqFaZFBbBccxrn2FK7yoYB6 +4umV7yKKzP842/whVuyA/W2ihZEpA+qrA70sYESCADXnFGx2O0CDVdVc38coo1nV +iXg+D+AG/dVXiiQcp2I4HYWTS/mTf/NE+mOYnu0miZ32/vhDbCX/B/kSPJ4RsNOA 
+7uyrOwykcgOSFDbpvuaKOpGLrQwGqLODgm+p9TY5giMMjur9XH7TS1wz02dIz07u +y2NwYWdV67vcnAt6QxRISap5RbaPviyQZxz4nFaSlTAwHoPaW1yuVS11tmsROMlR +RNvbaAxIU4U67YaZSw== +-----END CERTIFICATE----- diff --git a/cookbooks/ssl/recipes/default.rb b/cookbooks/ssl/recipes/default.rb index c2e62d228..f5239e67b 100644 --- a/cookbooks/ssl/recipes/default.rb +++ b/cookbooks/ssl/recipes/default.rb @@ -22,14 +22,16 @@ keys = data_bag_item("ssl", "keys") package "openssl" package "ssl-cert" -cookbook_file "/etc/ssl/certs/rapidssl.pem" do - owner "root" - group "root" - mode 0444 - backup false +%w(rapidssl startcom).each do |certificate| + cookbook_file "/etc/ssl/certs/#{certificate}.pem" do + owner "root" + group "root" + mode 0444 + backup false + end end -["openstreetmap", "tile.openstreetmap", "crm.osmfoundation"].each do |certificate| +["openstreetmap", "tile.openstreetmap", "osmfoundation"].each do |certificate| if node[:ssl][:certificates].include?(certificate) cookbook_file "/etc/ssl/certs/#{certificate}.pem" do owner "root" diff --git a/cookbooks/wordpress/providers/site.rb b/cookbooks/wordpress/providers/site.rb index 9ed0697c2..d5d6eb3c3 100644 --- a/cookbooks/wordpress/providers/site.rb +++ b/cookbooks/wordpress/providers/site.rb @@ -131,7 +131,8 @@ action :create do variables :aliases => Array(new_resource.aliases), :urls => new_resource.urls, :ssl_enabled => new_resource.ssl_enabled, - :ssl_certificate => new_resource.ssl_certificate + :ssl_certificate => new_resource.ssl_certificate, + :ssl_certificate_chain => new_resource.ssl_certificate_chain reload_apache false end diff --git a/cookbooks/wordpress/resources/site.rb b/cookbooks/wordpress/resources/site.rb index 4e712da34..9b5e4dabf 100644 --- a/cookbooks/wordpress/resources/site.rb +++ b/cookbooks/wordpress/resources/site.rb 
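Review bot: Replacing `crm.osmfoundation` with `osmfoundation` in the certificate list of cookbooks/ssl/recipes/default.rb stops managing `/etc/ssl/certs/crm.osmfoundation.pem`, but nothing visible in this hunk removes that file from nodes that already have it. The same presumably applies to the private key the Apache template reads from `/etc/ssl/private/<name>.key`, which is handled further down in the recipe, outside the hunk. Consider an explicit cleanup such as `file "/etc/ssl/certs/crm.osmfoundation.pem" do action :delete end`, plus the equivalent for the key, so retired key material does not linger on disk.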
@@ -30,6 +30,7 @@ attribute :database_password, :kind_of => String, :required => true attribute :database_prefix, :kind_of => String, :default => "wp_" attribute :ssl_enabled, :kind_of => [TrueClass, FalseClass], :default => false attribute :ssl_certificate, :kind_of => String +attribute :ssl_certificate_chain, :kind_of => String attribute :urls, :kind_of => Hash, :default => {} attribute :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb index 3d0b97ade..95ea84ff7 100644 --- a/cookbooks/wordpress/templates/default/apache.erb +++ b/cookbooks/wordpress/templates/default/apache.erb @@ -31,6 +31,9 @@ SSLCertificateFile /etc/ssl/certs/<%= @ssl_certificate %>.pem SSLCertificateKeyFile /etc/ssl/private/<%= @ssl_certificate %>.key <% end -%> +<% if @ssl_certificate -%> + SSLCertificateChainFile /etc/ssl/certs/<%= @ssl_certificate_chain %>.pem +<% end -%> CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log
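Review bot: The new guard around `SSLCertificateChainFile` in apache.erb tests `@ssl_certificate` instead of `@ssl_certificate_chain`, so a site that sets a certificate but no chain renders `SSLCertificateChainFile /etc/ssl/certs/.pem`, a path that will not exist and would most likely make Apache reject the configuration. The `ssl_certificate_chain` attribute added in resources/site.rb is optional with no default, so this is reachable for any `wordpress_site` that does not set it. Change the condition to `<% if @ssl_certificate_chain -%>`. The enclosing VirtualHost block starts and ends outside the hunk, so whether the directive also sits inside the SSL-only section cannot be confirmed from here.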