Page MenuHomePhabricator

replace git's sha1 cert with sha256
Closed, ResolvedPublic

Description

Tracking task to replace git's sha1 cert with sha256, in multiple steps:

  • - reissue certificate in sha256
  • - update configuration of ganglia to use new certificate
  • - push changes live
  • - revoke old sha1 certificate

Event Timeline

RobH created this task.May 29 2015, 7:01 PM
RobH claimed this task.
RobH raised the priority of this task from to Normal.
RobH updated the task description. (Show Details)
RobH added projects: acl*sre-team, HTTPS.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 29 2015, 7:01 PM

Change 214673 had a related patch set uploaded (by RobH):
git.wikimedia.org.crt sha1 to sha256

https://gerrit.wikimedia.org/r/214673

git.wikimedia.org is behind misc-web. Is this cert still needed?

RobH added a comment.Jun 1 2015, 4:08 PM

Indeed, it is behind misc-web. I think we can indeed revoke this cert/keypair entirely. I'll keep it assigned to me and do so later today. Once done, I'll remove from our repo(s).

Change 214673 abandoned by RobH:
git.wikimedia.org.crt sha1 to sha256

Reason:
git.w.o lives behind misc-web, this cert doesn't need to exist.

https://gerrit.wikimedia.org/r/214673

RobH closed this task as Resolved.Jun 3 2015, 5:45 PM

I revoked and deleted the git.wikimedia.org key and certificate, and Daniel's patchset stops the system from installing the now delete (and also unused) cert/key from systems.

Dzahn updated the task description. (Show Details)Jun 4 2015, 8:48 PM
Dzahn set Security to None.