Benefit from acme-chief features in acme-chief clients
Open, Stalled, Normal, Public

Description

Currently acme-chief offers some features that are being ignored by its clients:

  • dual-cert set-up: all acme-chief clients that support dual-cert stack are currently using ECDSA+RSA certificates
  • OCSP stapling support (T232988)

Currently (almost) every acme-chief client should be able to serve a dual-cert setup, but all of them are using RSA-2048 certificates. (Take into account that our TLS traffic is mostly using ECDSA certificates.)

Regarding OCSP stapling, at least nginx-based acme-chief clients should be able to use it.

Event Timeline

Restricted Application added a subscriber: Aklapper. · Apr 8 2019, 10:50 AM
Vgutierrez triaged this task as Normal priority. · Apr 8 2019, 10:51 AM
Vgutierrez moved this task from Triage to TLS on the Traffic board.

Change 502195 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] netbox: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502195

Change 502195 merged by Vgutierrez:
[operations/puppet@production] netbox: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502195

Change 502205 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] librenms: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502205

Change 502205 merged by Vgutierrez:
[operations/puppet@production] librenms: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502205

Change 502260 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] mirrors: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502260

Change 502263 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] tendril: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502263

Change 502260 merged by Vgutierrez:
[operations/puppet@production] mirrors: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502260

Change 502263 merged by Vgutierrez:
[operations/puppet@production] tendril: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502263

Change 502503 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] archiva: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502503

Change 502506 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] gerrit: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502506

Change 502509 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] install_server: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502509

Change 502513 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] dumps: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502513

Change 502503 merged by Vgutierrez:
[operations/puppet@production] archiva: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502503

Change 502506 merged by Vgutierrez:
[operations/puppet@production] gerrit: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502506

Change 502509 merged by Vgutierrez:
[operations/puppet@production] install_server: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502509

Change 502513 merged by Vgutierrez:
[operations/puppet@production] dumps: Offer an ECDSA certificate along with the RSA one

https://gerrit.wikimedia.org/r/502513

Vgutierrez changed the task status from Open to Stalled. · Apr 10 2019, 8:27 AM
Vgutierrez removed a project: Patch-For-Review.
Vgutierrez updated the task description.
Krenair updated the task description. · Sep 21 2019, 5:26 PM