SHA1 certificates still existing in our repo (as of 2015-05-29):
Intermediary SHA1 certificates (some of these will cease use when SHA1 certs are replaced, some won't, need to note which):
[ ] - (*.planet.wikimedia.org uses this) DigiCertHighAssuranceCA-3.crt
[ ] - RapidSSL_CA.crt - all rapidssl certs in sha256 appear to use RapidSSL_SHA256_CA_-_G3.crt. Once all sha1 rapidssl are replaced, this can be removed from the repo
[ ] - RapidSSL_CA_2 - all rapidssl certs in sha256 appear to use RapidSSL_SHA256_CA_-_G3.crt. Once all sha1 rapidssl are replaced, this can be removed from the repo
Standard SHA1 SSL Certs needing SHA256 re-issuance:Completed:
[ x] - civicrm T104378 (reissue complete, pending service implementation)
[ x] - frdata T104378 (reissue complete, pending service implementation)
[x] - fundraising T104378 (reissue complete, pending service implementation)
[x] - payments-listener T104378 (reissue complete, ] - fundraising T104378 (reissue completepending service implementation)
[x] - RapidSSL_CA_2 - all rapidssl certs in sha256 appear to use RapidSSL_SHA256_CA_-_G3.crt. Once all sha1 rapidssl are replaced, pending service implementationthis can be removed from the repo (this was gone before robh could get to it)
[ ] - payments-listener T104378 (reissue complete, pending service implementation)
Completed:
[x] - ldap-mirror.wikimedia.org.crt T105187
[x] - star.planet.wikimedia.org.crt
[x] - ganglia.wikimedia.org.crt T100825
[x] - git.wikimedia.org.crt T100827
[x] - icinga.wikimedia.org.crt T100830
[x] - librenms.wikimedia.org.crt T100831
[x] - lists.wikimedia.org.crt T100832
[x] - svn.wikimedia.org.crt - expired
[x] - tendril.wikimedia.org.crt T100835
[*] - ticket.wikimedia.org.crt T91504 T104634
[x] - star.wmflabs.crt : T104017
[x] - star.wmflabs.org.crt : T104017
[x] - wikitech.wikimedia.org.crt T92709