It's a CA certificate, a certificate issued by an authority (in this case
WMF itself) that you could use to verify certs issued by it were valid.
Since it's expired it doesn't do anything useful but also shouldn't do any
harm.
It's there because it still gets installed in the "base" class
(profile::base::certificates) in puppet.
Poking around on my debian bookworm instance, I found
/usr/local/share/ca-certificates/wmf_ca_2017_2020.crt, which looks like an
expired SSL certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
9f:14:76:9e:ea:f4:18:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = California, L = San Francisco, O =
Wikimedia
Foundation, OU = Operations, CN = WMF CA 2017-2020
Validity
Not Before: Jul 19 20:43:26 2017 GMT
Not After : Jul 18 20:43:26 2020 GMT
Subject: C = US, ST = California, L = San Francisco, O =
Wikimedia
Foundation, OU = Operations, CN = WMF CA 2017-2020
Does this do anything useful? Does it do any harm?
_______________________________________________
Cloud mailing list -- cloud(a)lists.wikimedia.org
List information:
https://lists.wikimedia.org/postorius/lists/cloud.lists.wikimedia.org/
--
Daniel Zahn <dzahn(a)wikimedia.org>
Site Reliability Engineer