
ldap-codfw.wikimedia.org & ldap-eqiad.wikimedia.org expire in September 2015
Closed, ResolvedPublic

Description

ldap-codfw.wikimedia.org & ldap-eqiad.wikimedia.org expire in September 2015. We'll need to renew and push these into service.

This tracking task won't handle the actual purchase approval (in RT), but will track overall implementation.

Event Timeline

RobH raised the priority of this task from to Medium.
RobH updated the task description.
RobH added subscribers: RobH, Andrew.

@Andrew: Can you confirm that you still want/need/require these two certificates for ldap use? (I ask you, since I recall you pushed these certs into service last time, iirc.)

I've assigned to you so you notice in your assignments, please kick back to me once you've replied. Thanks in advance!

Ah, sorry I didn't respond. Yes, please renew those certs! Both of those hosts are still active.

Thanks.

Certs are now up to date and valid through Oct 20 19:41:02 2016 GMT

Getting the new certs in place was a gigantic pain. I'm not going to automate it, though, in hopes of ripping out opendj in the next year. The steps for installing the new cert (after puppet copies them into /etc/ssl/local_certs/) are here:

https://wikitech.wikimedia.org/wiki/LDAP#updating_the_openssl_cert