Is there a current one?  The reason I ask is I'm trying to install OpenSearch and ended up going down a rabbit hole with self-signed certificates per their instructions. I'm operating on the ragged edge of how well I understand how certificates work ☹️. If there was a WMF cert I could drop in, that would be great.






On Dec 20, 2023 12:14, Daniel Zahn <dzahn@wikimedia.org> wrote:
It's a CA certificate, a certificate issued by an authority (in this case WMF itself) that you could use to verify certs issued by it were valid.

Since it's expired it doesn't do anything useful but also shouldn't do any harm.

It's there because it still gets installed in the "base" class (profile::base::certificates) in puppet.


On Tue, Dec 19, 2023 at 4:23 PM Roy Smith <roy@panix.com> wrote:
Poking around on my debian bookworm instance, I found /usr/local/share/ca-certificates/wmf_ca_2017_2020.crt, which looks like an expired SSL certificate:

> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             9f:14:76:9e:ea:f4:18:c3
>         Signature Algorithm: sha256WithRSAEncryption
>         Issuer: C = US, ST = California, L = San Francisco, O = Wikimedia Foundation, OU = Operations, CN = WMF CA 2017-2020
>         Validity
>             Not Before: Jul 19 20:43:26 2017 GMT
>             Not After : Jul 18 20:43:26 2020 GMT
>         Subject: C = US, ST = California, L = San Francisco, O = Wikimedia Foundation, OU = Operations, CN = WMF CA 2017-2020



Does this do anything useful?  Does it do any harm?
_______________________________________________
Cloud mailing list -- cloud@lists.wikimedia.org
List information: https://lists.wikimedia.org/postorius/lists/cloud.lists.wikimedia.org/


--
Daniel Zahn <dzahn@wikimedia.org>
Site Reliability Engineer