ssl_key: '/etc/pki/tls/private/sparkasseblog.de-key.pem'
ssl_chain: '/etc/pki/tls/certs/sparkasseblog.de-cert.pem'
ssl_verify_client: optional
- ssl_crl: '/etc/pki/tls/certs/d-trust_ca_2-1_2015.crl'
- ssl_ca: '/etc/pki/tls/certs/d-trust_ca_2-1_2015.crt'
+ ssl_crl: '/etc/pki/tls/certs/spk-cacrl.pem'
+ ssl_ca: '/etc/pki/tls/certs/spk-root-ca.pem'
+ ssl_verify_depth: 2
directories:
- provider: location
path: '/'
- "HTTPS on HTTPS=on"
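Review bot: `ssl_crl` now points at the merged bundle, but nothing visible in this hunk switches revocation checking on; on Apache 2.4 `SSLCARevocationCheck` defaults to `none`, so the CRL file is configured but not consulted unless the vhost also sets it. If that is not already set outside this hunk, add `ssl_crl_check: chain` next to `ssl_crl`. With `ssl_verify_client: optional` the handshake also completes without any client certificate, so the protected location still has to enforce the verification result itself (for example `Require ssl-verify-client`). The `directories` entry continues past the hunk, so that part may already be in place.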
infra::profile::cron::cronjobs:
- fetchcrl:
+ fetch_d-trust_crl:
ensure: 'present'
user: root
- command: '/bin/wget -q --output-document=/etc/pki/tls/certs/d-trust_ca_2-1_2015.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl && systemctl reload httpd'
+ command: '/bin/wget -q --output-document=/etc/pki/tls/certs/d-trust.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl'
minute: '0'
hour: '5'
- description: um 05:00 Uhr wird die Revocationlist geholt. somit muss der Webserver reloaded werden
+ description: Die Revocationlist von D-Trust runterladen
+ fetch_commodo_crl:
+ ensure: 'present'
+ user: root
+ command: 'wget -q --output-document=/etc/pki/tls/certs/commodo.crl http://crl.comodoca.com/COMODORSACertificationAuthority.crl'
+ minute: '0'
+ hour: '5'
+ description: Die Revocationlist von Commodo runterladen
+ merge_crls:
+ ensure: 'present'
+ user: root
+ command: 'cat /etc/pki/tls/certs/d-trust.crl /etc/pki/tls/certs/commodo.crl > /etc/pki/tls/certs/spk-cacrl.pem'
+ minute: '3'
+ hour: '5'
+ description: Merge der Revocationlists
+ reload_webserver:
+ ensure: 'present'
+ user: root
+ command: 'systemctl reload httpd'
+ minute: '5'
+ hour: '5'
+ description: Merge der Revocationlists
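Review bot: The four cron entries are chained only by the clock (05:00 fetch, 05:03 merge, 05:05 reload), so a failed or partial `wget` is still merged and loaded; `--output-document` writes straight to the target path and leaves a truncated file behind on error. The two CRLs are also concatenated exactly as downloaded, and CRL distribution points commonly serve DER, which `cat` does not turn into the PEM bundle that the name `spk-cacrl.pem` implies, so the format is worth confirming. I would fold fetch, check, merge and reload into one job that downloads to temporary files, converts and validates each with `openssl crl -inform DER -in <tmp.crl> -outform PEM`, moves the finished bundle into place with `mv`, and chains `systemctl reload httpd` behind `&&` so it runs only when every step succeeded. Separately, `reload_webserver` carries the description of `merge_crls`, and `fetch_commodo_crl` calls `wget` without the `/bin/` path used in `fetch_d-trust_crl`.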