Changeset 1973 for branches


Ignore:
Timestamp:
Sep 6, 2011, 4:30:47 PM (13 years ago)
Author:
ezyang
Message:
Merge r1947-r1972 from trunk to branches/fc15-dev
Location:
branches/fc15-dev
Files:
18 edited
3 copied

Legend:

Unmodified
Added
Removed
  • branches/fc15-dev

  • branches/fc15-dev/host/debian/scripts-vm-host/debian/changelog

    r1912 r1973  
     1scripts-vm-host (0.4) stable; urgency=low
     2
     3  * Depend on scripts-syslog-ng-config
     4
     5 -- Alexander Chernaykhovsky <achernya@mit.edu>  Mon, 05 Sep 2011 15:19:01 -0400
     6
     7scripts-vm-host (0.3) stable; urgency=low
     8
     9  * Rebuild for inclusion in Scripts APT repository
     10
     11 -- Alexander Chernyakhovsky <achernya@mit.edu>  Sun, 04 Sep 2011 20:57:55 -0400
     12
    113scripts-vm-host (0.2) unstable; urgency=low
    214
  • branches/fc15-dev/host/debian/scripts-vm-host/debian/control

    r1912 r1973  
    4444 munin-node,
    4545 subversion,
     46 scripts-syslog-ng-config,
    4647Description: Configures a machine to be a scripts VM host
    4748 Configures a machine to be a scripts VM host, installing all
  • branches/fc15-dev/locker

  • branches/fc15-dev/locker/bin

  • branches/fc15-dev/locker/bin/ssh

    • Property svn:executable set to *
  • branches/fc15-dev/locker/deploy/bin

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/deploy/bin/django

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/deploy/bin/rails

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/deploy/bin/trac

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/sql/bin/save-password

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/server/common/oursrc/execsys/execsys-binfmt

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/server/common/oursrc/php_scripts/php_scripts-config.m4

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/server/doc/install-howto.sh

    r1880 r1973  
    22# It is semi-vaguely in the form of a shell script, but is not really
    33# runnable as it stands.
     4
     5# Notation
     6# [PRODUCTION] Production server that will be put into the pool
     7# [WIZARD]     Semi-production server that will only have
     8#              daemon.scripts-security-upd bits, among other
     9#              restricted permissions bits, among other
     10#              restricted permissions bits, among other
     11#              restricted permissions bits, among other
     12#              restricted permissions
     13# [TESTSERVER] Completely untrusted server
    414
    515set -e -x
     
    2030# at localhost, and if our server is not setup at that point things
    2131# will break.
    22 source_server="cats-whiskers.mit.edu"
     32source_server="shining-armor.mit.edu"
    2333
    2434# 'branch' is the current svn branch you are on.  You want to
     
    4353    cd /root
    4454    ls -l .bashrc
    45     ls -l .ldapvirc
    4655    ls -l .screenrc
    4756    ls -l .ssh
    4857    ls -l .vimrc
    4958    ls -l .k5login
     59    # [PRODUCTION] This rc file has sensitive data on it and should only
     60    # be pushed onto production servers.
     61    ls -l .ldapvirc
    5062    # Trying to scp from server to server won't work, as scp
    5163    # will attempt to negotiate a server-to-server connection.
    5264    # Instead, scp to your trusted machine as a temporary file,
    5365    # and then push to the other server
    54 scp -r root@$source_server:~/{.bashrc,.ldapvirc,.screenrc,.ssh,.vimrc,.k5login} .
    55 scp -r {.bashrc,.ldapvirc,.screenrc,.ssh,.vimrc,.k5login} root@$server:~
     66scp -r root@$source_server:~/{.bashrc,.screenrc,.ssh,.vimrc,.k5login} .
     67scp -r {.bashrc,.screenrc,.ssh,.vimrc,.k5login} root@$server:~
     68# [PRODUCTION]
     69scp root@$source_server:~/.ldapvirc .
     70scp .ldapvirc root@$server:~
    5671
    5772# Install the initial set of credentials (to get Kerberized logins once
    5873# krb5 is installed).  Otherwise, SCP'ing things in will be annoying.
    59 #   o You probably installed the machine keytab long ago
     74#   o Install the machine keytab.
    6075    ls -l /etc/krb5.keytab
    6176#     Use ktutil to combine the host/scripts.mit.edu and
     
    7287#          2    3 host/scripts-vhosts.mit.edu@ATHENA.MIT.EDU
    7388#          3    2      host/scripts.mit.edu@ATHENA.MIT.EDU
    74 #   o Replace the ssh host keys with the ones common to all scripts servers (real servers only)
     89#   o [PRODUCTION] Replace the ssh host keys with the ones common to all
     90#     scripts servers (real servers only)
    7591    ls -l /etc/ssh/*key*
    7692#     You can do that with:
     
    85101    chmod 0440 /etc/sudoers
    86102
    87 # If this is the first time you've installed this hostname, you will
    88 # need to update a bunch of files to add support for it. These include:
     103# [PRODUCTION] If this is the first time you've installed this hostname,
     104# you will need to update a bunch of files to add support for it. These
     105# include:
    89106#   o Adding all aliases to /etc/httpd/conf.d/scripts-vhost-names.conf
    90107#     (usually this is hostname, hostname.mit.edu, h-n, h-n.mit.edu,
     
    141158    chkconfig syslog-ng on
    142159
    143 # Fix the openafs /usr/vice/etc <-> /etc/openafs mapping.
     160# [PRODUCTION/WIZARD] Fix the openafs /usr/vice/etc <-> /etc/openafs
     161# mapping.
    144162    echo "/afs:/usr/vice/cache:10000000" > /usr/vice/etc/cacheinfo
    145163    echo "athena.mit.edu" > /usr/vice/etc/ThisCell
    146164
    147 # [TEST SERVER] If you're installing a test server, this needs to be
     165# [TESTSERVER] If you're installing a test server, this needs to be
    148166# much smaller; the max filesize on XVM is 10GB.  Pick something like
    149167# 500000. Also, some of the AFS parameters are kind of retarded (and if
    150168# you're low on disk space, will actually exhaust our inodes).  Edit
    151169# these parameters in /etc/sysconfig/openafs
     170    echo "/afs:/usr/vice/cache:500000" > /usr/vice/etc/cacheinfo
     171    XXX TODO COMMANDS
    152172
    153173# Test that zephyr is working
     
    176196    # here's a cute script that removes all extra packages
    177197    yum erase -y $(grep -Fxvf packages.txt newpackages.txt)
     198    # 20101208 - Mysteriously we manage to get these extra packages
     199    # from kickstart: mcelog mobile-broadband-provider-info
     200    # ModemManager PackageKit
    178201
    179202# We need an upstream version of cgi which we've packaged ourselves, but
     
    219242#   want to be able to write to ~/.python-eggs.  (Also makes sourcediving
    220243#   easier.)
    221 cat /usr/lib/python2.6/site-packages/easy-install.pth | grep "^./" | cut -c3- | cut -f1 -d- . egg.txt
     244cat /usr/lib/python2.6/site-packages/easy-install.pth | grep "^./" | cut -c3- | cut -f1 -d- > egg.txt
    222245    cat egg.txt | xargs easy_install -Z
    223246# - Look at `gem list` for Ruby gems.
     
    241264    pecl install --nodeps $(pecl list | tail -n +4 | cut -f 1 -d " " | grep -Fxvf - pecl.txt)
    242265
    243 # Install the credentials.  There are a lot of things to remember here.
    244 # Be sure to make sure the permissions match up (ls -l on an existing
    245 # server!).
    246 scp root@$source_server:{/etc/{sql-mit-edu.cfg.php,daemon.keytab,pki/tls/private/scripts.key,signup-ldap-pw,whoisd-password},/home/logview/.k5login} .
    247 scp daemon.keytab signup-ldap-pw whoisd-password sql-mit-edu.cfg.php root@$server:/etc
     266# [PRODUCTION] Install the credentials.  There are a lot of things to
     267# remember here.  Be sure to make sure the permissions match up (ls -l
     268# on an existing server!).
     269scp root@$source_server:{/etc/{sql-mit-edu.cfg.php,pki/tls/private/scripts.key,signup-ldap-pw,whoisd-password},/home/logview/.k5login} .
     270scp signup-ldap-pw whoisd-password sql-mit-edu.cfg.php root@$server:/etc
    248271scp scripts.key root@$server:/etc/pki/tls/private
    249272scp .k5login root@$server:/home/logview
    250     chown afsagent:afsagent /etc/daemon.keytab
    251 #   o The daemon.scripts keytab (will be daemon.scripts-test for test)
    252     ls -l /etc/daemon.keytab
    253273#   o The SSL cert private key (real servers only)
    254274    ls -l /etc/pki/tls/private/scripts.key
     
    260280    cat /home/logview/.k5login
    261281
     282# All types of servers will have an /etc/daemon.keytab file, however,
     283# different types of server will have different credentials in this
     284# keytab.
     285#   [PRODUCTION] daemon.scripts
     286#   [WIZARD]     daemon.scripts-security-upd
     287#   [TESTSERVER] daemon.scripts-test
     288k5srvutil list -f daemon.keytab
     289scp daemon.keytab root@$server:/etc
     290    chown afsagent:afsagent /etc/daemon.keytab
     291#   o The daemon.scripts keytab (will be daemon.scripts-test for test)
     292    ls -l /etc/daemon.keytab
     293
    262294# Spin up OpenAFS.  This will fail if there's been a new kernel since
    263295# when you last tried.  In that case, you can hold on till later to
    264296# start OpenAFS.  This will take a little bit of time;
    265297    service openafs-client start
    266 
    267 # Check that fs sysname is correct.  You should see, among others,
     298# Then, check that fs sysname is correct.  You should see, among others,
    268299# 'amd64_fedoraX_scripts' (vary X) and 'scripts'. If it's not, you
    269300# probably did a distro upgrade and should update /etc/sysconfig/openafs.
    270301    fs sysname
    271302
    272 # [TEST SERVER] If you are setting up a test server, pay attention to
    273 # /etc/sysconfig/network-scripts and do not bind scripts' IP address.
    274 # You will also need to modify:
     303# [WIZARD/TESTSERVER] If you are setting up a non-production server,
     304# there are some services that it won't provide, and you will need to
     305# make it talk to a real server instead.  In particular:
     306#   - We don't serve the web, so don't bind scripts.mit.edu
     307#   - We don't serve LDAP, so use another server
     308# This involves editing the following files:
     309#   o /etc/sysconfig/network-scripts/ifcfg-lo:0
     310#   o /etc/sysconfig/network-scripts/ifcfg-lo:1
     311#   o /etc/sysconfig/network-scripts/ifcfg-lo:2
     312#   o /etc/sysconfig/network-scripts/ifcfg-lo:3
     313       \rm /etc/sysconfig/network-scripts/ifcfg-lo:{0,1,2,3}
    275314#   o /etc/ldap.conf
    276315#       add: host scripts.mit.edu
    277 #   o /etc/nss-ldapd.conf
    278 #       replace: uri *****
     316#   o /etc/{nss-ldapd,nslcd}.conf
     317#       replace: uri ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/
    279318#       with: uri ldap://scripts.mit.edu/
    280319#   o /etc/openldap/ldap.conf
     
    282321#            BASE dc=scripts,dc=mit,dc=edu
    283322#   o /etc/httpd/conf.d/vhost_ldap.conf
    284 #       replace: VhostLDAPUrl ****
     323#       replace: VhostLDAPUrl "ldap://127.0.0.1/ou=VirtualHosts,dc=scripts,dc=mit,dc=edu"
    285324#       with: VhostLDAPUrl "ldap://scripts.mit.edu/ou=VirtualHosts,dc=scripts,dc=mit,dc=edu"
    286325#   o /etc/postfix/virtual-alias-{domains,maps}-ldap.cf
    287 #       replace: server_host *****
     326#       replace: server_host ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/
    288327#       with: server_host = ldap://scripts.mit.edu
    289328# to use scripts.mit.edu instead of localhost.
    290329# XXX: someone should write sed scripts to do this
    291330
    292 # [TEST SERVER] If you are setting up a test server, afsagent's cronjob
    293 # will attempt to be renewing with the wrong credentials
    294 # (daemon.scripts). Change this:
     331# [WIZARD/TESTSERVER] If you are setting up a non-production server,
     332# afsagent's cronjob will attempt to be renewing with the wrong
     333# credentials (daemon.scripts). Change this:
    295334    vim /home/afsagent/renew # replace all mentions of daemon.scripts.mit.edu
    296335
    297 # Set up replication (see ./install-ldap).
     336# [PRODUCTION] Set up replication (see ./install-ldap).
    298337# You'll need the LDAP keytab for this server: be sure to chown it
    299338# fedora-ds after you create the fedora-ds user
     
    307346    service nscd start
    308347    service postfix start
    309     service httpd start
    310     chkconfig dirsrv on
    311348    chkconfig nslcd on
    312349    chkconfig nscd on
    313350    chkconfig postfix on
     351
     352# [PRODUCTION]
     353    chkconfig dirsrv on
     354
     355# [PRODUCTION/TESTSERVER]
     356# (Maybe WIZARD too once we start doing strange things to autoupgrade
     357# installs behind firewalls.)
     358    service httpd start # will fail if AFS is not running
    314359    chkconfig httpd on
    315360
     
    317362    chkconfig nrpe on
    318363
    319 # Check sql user credentials (needs to be done after LDAP is setup)
     364# [PRODUCTION] Check sql user credentials (needs to be done after LDAP
     365# is setup)
    320366    chown sql /etc/sql-mit-edu.cfg.php
    321367
     
    345391    # Some usual candidates for clobbering include nsswitch.conf and
    346392    # sysconfig/openafs
     393    # [WIZARD/TEST] Remember that changes you made should not get
     394    # reverted!
    347395
    348396# ThisCell got clobbered, replace it with athena.mit.edu
     
    357405#   o your lvm thingies; probably don't need to edit
    358406
    359 # [TEST SERVER] More stuff for test servers
    360 #   - You need a self-signed SSL cert.  Generate with:
     407# [TESTERVER]
     408#   - You need a self-signed SSL cert or Apache will refuse to start
     409#     or do SSL.  Generate with:
    361410    openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts.cert -nodes
    362 #     Also make /etc/pki/tls/certs/ca.pem match up
     411#     Also make /etc/pki/tls/certs/ca.pem match up (XXX what's the
     412#     incant for that?)
     413
     414# [TESTSERVER] More stuff for test servers
    363415#   - Make (/etc/aliases) root mail go to /dev/null, so we don't spam people
    364416#   - Edit /etc/httpd/conf.d/scripts-vhost-names.conf to have scripts-fX-test.xvm.mit.edu
  • branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/ai6034.conf

    r1325 r1973  
    1919                Include conf.d/vhosts-common-ssl.conf
    2020                SSLCertificateFile /etc/pki/tls/certs/ai6034.pem
     21                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    2122        </VirtualHost>
    2223        <VirtualHost *:444>
     
    2930                Include conf.d/vhosts-common-ssl-cert.conf
    3031                SSLCertificateFile /etc/pki/tls/certs/ai6034.pem
     32                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    3133        </VirtualHost>
    3234</IfModule>
  • branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/isawyou.conf

    r1776 r1973  
    44        ServerName isawyou.mit.edu
    55        ServerAlias isawyou
    6         DocumentRoot /afs/athena.mit.edu/user/k/e/keone/web_scripts/isawyou
    7         Alias /~keone /afs/athena.mit.edu/user/k/e/keone/web_scripts
    8         SuExecUserGroup keone keone
     6        DocumentRoot /afs/sipb.mit.edu/contrib/isawyou/web_scripts
     7        Alias /~isawyou /afs/sipb.mit.edu/contrib/isawyou/web_scripts
     8        SuExecUserGroup isawyou isawyou
    99        Include conf.d/vhosts-common.conf
    1010</VirtualHost>
     
    1414                ServerName isawyou.mit.edu
    1515                ServerAlias isawyou
    16                 DocumentRoot /afs/athena.mit.edu/user/k/e/keone/web_scripts/isawyou
    17                 Alias /~keone /afs/athena.mit.edu/user/k/e/keone/web_scripts
    18                 SuExecUserGroup keone keone
     16                DocumentRoot /afs/sipb.mit.edu/contrib/isawyou/web_scripts
     17                Alias /~isawyou /afs/sipb.mit.edu/contrib/isawyou/web_scripts
     18                SuExecUserGroup isawyou isawyou
    1919                Include conf.d/vhosts-common-ssl.conf
    2020                SSLCertificateFile /etc/pki/tls/certs/isawyou.pem
     
    2424                ServerName isawyou.mit.edu
    2525                ServerAlias isawyou
    26                 DocumentRoot /afs/athena.mit.edu/user/k/e/keone/web_scripts/isawyou
    27                 Alias /~keone /afs/athena.mit.edu/user/k/e/keone/web_scripts
    28                 SuExecUserGroup keone keone
     26                DocumentRoot /afs/sipb.mit.edu/contrib/isawyou/web_scripts
     27                Alias /~isawyou /afs/sipb.mit.edu/contrib/isawyou/web_scripts
     28                SuExecUserGroup isawyou isawyou
    2929                Include conf.d/vhosts-common-ssl.conf
    3030                Include conf.d/vhosts-common-ssl-cert.conf
  • branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/ai6034.pem

    r1611 r1973  
     1From mitcert@MIT.EDU Fri Aug 19 09:30:50 2011
     2Date: Fri, 19 Aug 2011 09:30:48 -0400
     3From: "mitcert@MIT.EDU" <mitcert@MIT.EDU>
     4To: Alexander Chernyakhovsky <achernya@mit.edu>
     5Subject: [help.mit.edu #1702392] certificate renewal for scripts-vhost ai6034.mit.edu
     6
    17Certificate:
    28    Data:
    39        Version: 3 (0x2)
    410        Serial Number:
    5             fe:8f:cc:2a:7d:76:b9:64:36:c3:e6:ec:48:e1:ee:1f
     11            ab:08:ed:7a:2f:37:38:c3:9f:6c:01:8e:ff:f2:82:40
    612        Signature Algorithm: sha1WithRSAEncryption
    713        Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT Certification Authority
    814        Validity
    9             Not Before: Aug 30 16:00:00 2010 GMT
    10             Not After : Sep  1 16:00:00 2011 GMT
     15            Not Before: Aug 17 16:00:00 2011 GMT
     16            Not After : Aug 16 16:00:00 2012 GMT
    1117        Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=scripts.mit.edu web hosting service, CN=ai6034.mit.edu/emailAddress=scripts@mit.edu
    1218        Subject Public Key Info:
    1319            Public Key Algorithm: rsaEncryption
    14             RSA Public Key: (1024 bit)
    15                 Modulus (1024 bit):
    16                     00:b5:3e:21:4d:c1:89:6b:01:8c:47:80:fe:b3:37:
    17                     27:76:f8:52:41:e6:a2:3d:4b:76:78:e5:f2:66:3c:
    18                     0f:b1:ad:fb:97:8f:2e:a2:b6:53:d3:b6:0e:e2:66:
    19                     f9:b9:0b:b7:ce:b4:d5:f5:1c:1f:6f:22:7d:48:f5:
    20                     6d:f0:16:cd:8e:48:79:d1:14:4a:14:2f:2f:f8:c4:
    21                     bd:1d:87:cf:7d:8b:5c:77:ad:58:24:b0:0e:a1:6d:
    22                     d6:0a:c7:d8:bc:2f:67:65:c8:5d:d8:d8:31:c2:67:
    23                     4b:4a:f4:a1:a5:54:82:af:cb:34:08:2a:04:7f:8e:
    24                     7c:4c:b7:db:dc:6a:8a:5d:81
     20            RSA Public Key: (4096 bit)
     21                Modulus (4096 bit):
     22                    00:bf:a3:f2:7b:98:cc:16:a7:57:e6:92:85:34:56:
     23                    f1:e3:62:83:9e:6a:4f:35:9d:f0:cf:89:87:73:e3:
     24                    93:f7:b7:01:57:38:6e:e9:fc:59:4d:24:eb:a7:17:
     25                    47:ca:2c:51:0e:45:c8:b7:68:c9:0e:32:26:e0:91:
     26                    d3:06:5c:8c:7c:0e:6c:99:0c:b2:46:05:0f:4d:f1:
     27                    b0:c7:5e:35:06:62:fe:2a:d6:0f:1b:2c:b5:02:24:
     28                    4c:c3:06:71:ec:94:ca:1d:aa:af:7e:b9:2d:c0:55:
     29                    4b:cc:bc:51:3d:76:68:5b:d3:ed:35:d0:03:ba:1b:
     30                    6c:f3:a0:d8:d3:dc:6b:44:b0:5e:01:51:d3:02:cc:
     31                    4a:da:52:12:de:35:31:69:16:5a:48:8b:0f:ce:ad:
     32                    4d:e4:d5:8b:11:36:7f:87:1c:fd:84:da:43:2e:87:
     33                    2f:41:70:ac:ad:df:54:c0:ed:f6:21:51:fa:c5:06:
     34                    f0:1b:eb:a1:b0:bf:4d:1c:42:34:8a:d5:6f:f7:25:
     35                    66:73:8f:60:c4:d7:8d:33:91:f4:46:3a:97:09:59:
     36                    01:ff:c3:64:94:40:48:30:68:f0:6e:03:26:74:c2:
     37                    a1:b3:d7:cb:94:fc:6e:53:8a:2a:9e:fd:b1:4f:c4:
     38                    74:56:25:63:1f:aa:bd:95:25:78:9c:45:46:1b:0c:
     39                    21:71:eb:84:94:d0:b2:f1:da:52:f6:d1:7f:63:1d:
     40                    08:23:52:5f:c2:f9:4d:ac:a4:44:e5:9a:54:70:fc:
     41                    c9:fc:d4:d4:b7:1d:75:95:00:e3:bf:3e:4c:f3:43:
     42                    c3:96:c7:09:2a:29:45:12:d2:31:d6:79:4c:8a:e7:
     43                    54:27:22:c6:80:ae:87:23:56:f1:8d:49:9b:c8:fa:
     44                    ed:33:5b:5f:56:76:c8:0f:7e:85:14:69:c4:48:31:
     45                    07:39:a5:34:81:f2:6b:15:50:22:fb:bb:2c:ad:4b:
     46                    84:ea:55:64:f7:de:56:9d:d0:b6:d0:7d:1e:1b:51:
     47                    50:37:44:94:e6:c4:15:eb:45:31:f1:b3:ec:0f:b3:
     48                    a9:0c:f8:1c:47:c7:51:00:05:ef:ee:b0:3d:9f:7e:
     49                    07:a7:38:e8:83:4c:3d:db:34:b6:24:0c:90:57:c0:
     50                    f9:d0:64:14:8a:93:47:9b:41:f5:a3:14:1d:9e:18:
     51                    5d:d5:d8:66:af:f5:f3:c8:2f:bc:a7:02:a7:ef:dc:
     52                    f0:0e:c7:47:8d:2e:d6:a8:62:42:93:5b:7c:f5:35:
     53                    f8:31:10:7b:38:d4:40:24:68:81:13:27:cb:fb:76:
     54                    0e:d1:99:14:d8:d5:eb:f7:69:64:8f:af:8f:82:bb:
     55                    24:29:f9:d4:29:1d:ce:e6:14:ba:4c:8b:09:ff:46:
     56                    ce:8b:6d
    2557                Exponent: 65537 (0x10001)
    2658        X509v3 extensions:
     
    3466                Digital Signature, Non Repudiation, Key Encipherment
    3567            X509v3 Subject Key Identifier:
    36                 54:11:7C:09:55:44:1C:94:45:A9:A2:76:46:2B:2C:24:26:6A:44:E8
     68                CB:11:B7:01:5F:86:55:4F:45:5E:AB:27:69:BE:E1:3C:89:7A:55:62
    3769            X509v3 CRL Distribution Points:
    3870                URI:http://ca.mit.edu/ca/mitserver.crl
    3971
    4072    Signature Algorithm: sha1WithRSAEncryption
    41         73:aa:4b:65:bf:b3:28:bd:80:f2:b8:80:55:5f:73:c0:93:49:
    42         38:d3:7d:53:e7:33:4b:07:df:f0:b9:2f:47:7a:c6:41:02:f2:
    43         1d:82:b4:e0:f2:84:3a:d1:43:75:48:ae:6e:31:e7:85:45:0c:
    44         cd:a2:95:51:b1:5a:3b:eb:a0:e6:5d:bb:57:3d:b4:27:a6:f1:
    45         c5:49:96:44:67:da:7a:f4:99:19:60:4f:ef:02:79:e9:c8:f6:
    46         3b:3f:fa:0a:37:ce:1c:ec:c6:63:20:26:b6:44:a6:20:7d:06:
    47         00:8e:e9:4a:94:fa:58:3d:42:17:6a:99:cc:8f:23:7c:28:ef:
    48         1c:d7
     73        0e:54:0f:38:76:76:1a:05:e4:2c:b7:55:b3:ae:08:0d:2a:b7:
     74        94:67:e5:0b:37:cd:1f:7b:0e:70:70:a6:9a:0f:2b:ed:24:66:
     75        00:90:35:d0:7d:98:78:68:9e:73:8a:98:43:db:63:c8:10:63:
     76        ce:45:d5:f5:31:69:bf:56:25:92:f3:0c:83:a5:a9:58:94:b9:
     77        99:25:7a:db:a5:ca:22:47:20:de:f4:3c:b1:73:ae:9f:7b:17:
     78        86:7f:0b:ca:52:cd:55:8a:05:1d:5d:87:61:d1:cf:c7:af:43:
     79        7c:e1:d4:9b:8d:31:ce:ef:51:ec:fe:f7:63:38:d8:63:cd:5a:
     80        ff:ef
    4981-----BEGIN CERTIFICATE-----
    50 MIIDfjCCAuegAwIBAgIRAP6PzCp9drlkNsPm7Ejh7h8wDQYJKoZIhvcNAQEFBQAw
     82MIIFAjCCBGugAwIBAgIRAKsI7XovNzjDn2wBjv/ygkAwDQYJKoZIhvcNAQEFBQAw
    5183ezELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoT
    5284JU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxJDAiBgNVBAsT
    53 G01JVCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA4MzAxNjAwMDBaFw0x
    54 MTA5MDExNjAwMDBaMIHQMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVz
     85G01JVCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTA4MTcxNjAwMDBaFw0x
     86MjA4MTYxNjAwMDBaMIHQMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVz
    5587ZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMS4wLAYDVQQKEyVNYXNzYWNodXNldHRz
    5688IEluc3RpdHV0ZSBvZiBUZWNobm9sb2d5MSwwKgYDVQQLEyNzY3JpcHRzLm1pdC5l
    5789ZHUgd2ViIGhvc3Rpbmcgc2VydmljZTEXMBUGA1UEAxMOYWk2MDM0Lm1pdC5lZHUx
    58 HjAcBgkqhkiG9w0BCQEWD3NjcmlwdHNAbWl0LmVkdTCBnzANBgkqhkiG9w0BAQEF
    59 AAOBjQAwgYkCgYEAtT4hTcGJawGMR4D+szcndvhSQeaiPUt2eOXyZjwPsa37l48u
    60 orZT07YO4mb5uQu3zrTV9RwfbyJ9SPVt8BbNjkh50RRKFC8v+MS9HYfPfYtcd61Y
    61 JLAOoW3WCsfYvC9nZchd2NgxwmdLSvShpVSCr8s0CCoEf458TLfb3GqKXYECAwEA
    62 AaOBqzCBqDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF4DAnBgNVHSUEIDAe
    63 BggrBgEFBQcDAQYIKwYBBQUHAwQGCCsGAQUFBwMCMAsGA1UdDwQEAwIF4DAdBgNV
    64 HQ4EFgQUVBF8CVVEHJRFqaJ2RissJCZqROgwMwYDVR0fBCwwKjAooCagJIYiaHR0
    65 cDovL2NhLm1pdC5lZHUvY2EvbWl0c2VydmVyLmNybDANBgkqhkiG9w0BAQUFAAOB
    66 gQBzqktlv7MovYDyuIBVX3PAk0k4031T5zNLB9/wuS9HesZBAvIdgrTg8oQ60UN1
    67 SK5uMeeFRQzNopVRsVo766DmXbtXPbQnpvHFSZZEZ9p69JkZYE/vAnnpyPY7P/oK
    68 N84c7MZjICa2RKYgfQYAjulKlPpYPUIXapnMjyN8KO8c1w==
     90HjAcBgkqhkiG9w0BCQEWD3NjcmlwdHNAbWl0LmVkdTCCAiIwDQYJKoZIhvcNAQEB
     91BQADggIPADCCAgoCggIBAL+j8nuYzBanV+aShTRW8eNig55qTzWd8M+Jh3Pjk/e3
     92AVc4bun8WU0k66cXR8osUQ5FyLdoyQ4yJuCR0wZcjHwObJkMskYFD03xsMdeNQZi
     93/irWDxsstQIkTMMGceyUyh2qr365LcBVS8y8UT12aFvT7TXQA7obbPOg2NPca0Sw
     94XgFR0wLMStpSEt41MWkWWkiLD86tTeTVixE2f4cc/YTaQy6HL0FwrK3fVMDt9iFR
     95+sUG8BvrobC/TRxCNIrVb/clZnOPYMTXjTOR9EY6lwlZAf/DZJRASDBo8G4DJnTC
     96obPXy5T8blOKKp79sU/EdFYlYx+qvZUleJxFRhsMIXHrhJTQsvHaUvbRf2MdCCNS
     97X8L5TaykROWaVHD8yfzU1LcddZUA478+TPNDw5bHCSopRRLSMdZ5TIrnVCcixoCu
     98hyNW8Y1Jm8j67TNbX1Z2yA9+hRRpxEgxBzmlNIHyaxVQIvu7LK1LhOpVZPfeVp3Q
     99ttB9HhtRUDdElObEFetFMfGz7A+zqQz4HEfHUQAF7+6wPZ9+B6c46INMPds0tiQM
     100kFfA+dBkFIqTR5tB9aMUHZ4YXdXYZq/188gvvKcCp+/c8A7HR40u1qhiQpNbfPU1
     101+DEQezjUQCRogRMny/t2DtGZFNjV6/dpZI+vj4K7JCn51CkdzuYUukyLCf9Gzott
     102AgMBAAGjgaswgagwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBeAwJwYDVR0l
     103BCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMEBggrBgEFBQcDAjALBgNVHQ8EBAMCBeAw
     104HQYDVR0OBBYEFMsRtwFfhlVPRV6rJ2m+4TyJelViMDMGA1UdHwQsMCowKKAmoCSG
     105Imh0dHA6Ly9jYS5taXQuZWR1L2NhL21pdHNlcnZlci5jcmwwDQYJKoZIhvcNAQEF
     106BQADgYEADlQPOHZ2GgXkLLdVs64IDSq3lGflCzfNH3sOcHCmmg8r7SRmAJA10H2Y
     107eGiec4qYQ9tjyBBjzkXV9TFpv1YlkvMMg6WpWJS5mSV626XKIkcg3vQ8sXOun3sX
     108hn8LylLNVYoFHV2HYdHPx69DfOHUm40xzu9R7P73YzjYY81a/+8=
    69109-----END CERTIFICATE-----
     110
  • branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/nudelta.pem

    • Property svn:mergeinfo changed (with no actual effect on merging)
Note: See TracChangeset for help on using the changeset viewer.