Page MenuHomePhabricator

replace git's sha1 cert with sha256
Closed, ResolvedPublic


Tracking task to replace git's sha1 cert with sha256, in multiple steps:

  • - reissue certificate in sha256
  • - update configuration of ganglia to use new certificate
  • - push changes live
  • - revoke old sha1 certificate

Event Timeline

RobH claimed this task.
RobH raised the priority of this task from to Medium.
RobH updated the task description. (Show Details)
RobH added projects: acl*sre-team, HTTPS.

Change 214673 had a related patch set uploaded (by RobH): sha1 to sha256 is behind misc-web. Is this cert still needed?

Indeed, it is behind misc-web. I think we can indeed revoke this cert/keypair entirely. I'll keep it assigned to me and do so later today. Once done, I'll remove from our repo(s).

Change 214673 abandoned by RobH: sha1 to sha256

git.w.o lives behind misc-web, this cert doesn't need to exist.

I revoked and deleted the key and certificate, and Daniel's patchset stops the system from installing the now delete (and also unused) cert/key from systems.

Dzahn set Security to None.