Page MenuHomeMiraheze

Redesign implementation of adding own TLS certificates and CAs
Open, LowPublic

Description

Cited from https://meta.miraheze.org/wiki/Special:IncidentReports/31: Fix how we deploy additional certificates: see https://github.com/wikimedia/puppet/blob/production/modules/sslcert/manifests/init.pp#L23. Custom domain certificates must be in a separate directory, like /etc/ssl/localcerts. Deploying root certificates shouldn't be need in the first place(?), not even for ssl_ca, but if we really have to: use the ca-certificates directory and run update-ca-certificates to update /etc/ssl/certs and the ca-certificates.crt file. See https://github.com/wikimedia/puppet/blob/production/modules/sslcert/manifests/ca.pp.

Event Timeline

Paladox triaged this task as Normal priority.Jun 14 2020, 19:51
Southparkfan lowered the priority of this task from Normal to Low.