Wipe digicert-2019a from the caching cluster
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Vgutierrez
	Oct 15 2020, 10:30 AM

Description

the TLS cert from digicert labeled as digicert-2019a expired on October 6th:

vgutierrez@cp3050:/etc/ssl/localcerts$ openssl x509 -dates -noout -in digicert-2019a-rsa-unified.crt
notBefore=Nov 12 00:00:00 2019 GMT
notAfter=Oct  6 12:00:00 2020 GMT

that's triggering some OCSP stapling alerts even when the cert isn't being used anymore. It not longer makes sense to have the certificate deployed on the caching cluster. Let's wipe it!

Details

	Subject	Repo	Branch	Lines +/-
	ATS: Remove digicert-2019a cert definition	operations/puppet	production	+0 -27

Customize query in gerrit

Related Objects
Search...

		Status	Subtype	Assigned	Task
					Unknown Object (Task)
		Resolved		Vgutierrez	T265584 Wipe digicert-2019a from the caching cluster

Event Timeline

Vgutierrez created this task.Oct 15 2020, 10:30 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 15 2020, 10:30 AM

Vgutierrez triaged this task as Medium priority.Oct 15 2020, 10:30 AM

Vgutierrez moved this task from Backlog to TLS on the Traffic board.

Change 634202 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ATS: Remove digicert-2019a cert definition

https://gerrit.wikimedia.org/r/634202

gerritbot added a project: Patch-For-Review.Oct 15 2020, 10:42 AM

Change 634202 merged by Vgutierrez:
[operations/puppet@production] ATS: Remove digicert-2019a cert definition

https://gerrit.wikimedia.org/r/634202

Maintenance_bot removed a project: Patch-For-Review.Oct 16 2020, 7:10 AM

Vgutierrez closed this task as Resolved.Oct 16 2020, 7:31 AM

Vgutierrez claimed this task.