SystemAdministration/CertificateList

Purpose

This wiki page is used to maintain a complete list of CAcert's service-related certificates with all required details for keeping them up-to-date.

Most of CAcert's services are running over HTTPS secured by a CAcert-issued certificate. It is important that these certificates are renewed in a timely fashion to avoid issues with services failing due to expired certificates. In general the certificate owner is responsible for timely renewal and re-installation of the certificate, however in some cases the owner may not be available or aware of a problem. Therefore it is useful to collect the information about all of CAcert's current service-related certificates in one place, allowing other system administrators to act as a backup if necessary.

The new infrastructure documentation contains an automatically generated list of certificates at https://infradocs.cacert.org/certlist.html that contains all recent information. The list below references pages in the new documentation to avoid information duplication.

Certificate List

Procedures and organisation administrators page is SystemAdministration/Procedures/CertificateIssuing

blog.cacert.org

Common Name	blog.cacert.org
Owner	blog-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/blog.html#keys-and-x-509-certificates

board.cacert.org

Common Name	board.cacert.org
Owner	board-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/board.html#keys-and-x-509-certificates

bugs.cacert.org

Common Name	bugs.cacert.org
Owner	bugs-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/bugs.html#keys-and-x-509-certificates

cats.cacert.org

Common Name	cats.cacert.org
Owner	EducationOfficer, currently BernhardFröhlich
Reference	https://infradocs.cacert.org/systems/cats.html#keys-and-x-509-certificates

cats@cacert.org

Common Name	Must include emailAddress=cats@cacert.org, other name parts are not relevant.
Owner	EducationOfficer, currently BernhardFröhlich
Reference	https://infradocs.cacert.org/systems/cats.html#keys-and-x-509-certificates
Other info	Used by the upload script to authenticate at the server, see www/cats/cats_import.php The expiry date in the filename sometimes remembers me to renew the cert, but if a new cert/key is installed as a new name the script cats:/home/cats/tools/do_upload has to be adjusted. If you prefer a fixed keyname, feel free...

community.cacert.org

Common Name	community.cacert.org
Owner	email-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/webmail.html#keys-and-x-509-certificates and https://infradocs.cacert.org/systems/email.html#keys-and-x-509-certificates
Other info	The same key is used in for webmail (https) and the email system (imap/pop3/managesieve/smtps/smtp submission)

crl.cacert.org

Common Name	crl.cacert.org
Owner	critical-admin@cacert.org
Reference	https://infradocs.cacert.org/critical/crl.html#keys-and-x-509-certificates

email.cacert.org

Common Name	email.cacert.org
Owner	email-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/email.html#keys-and-x-509-certificates

funding.cacert.org

Common Name	funding.cacert.org
Owner	web-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/web.html#keys-and-x-509-certificates

git.cacert.org

Common Name	git.cacert.org
Owner	git-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/git.html#keys-and-x-509-certificates

infradocs.cacert.org

Common Name	infradocs.cacert.org
Owner	web-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/web.html#keys-and-x-509-certificates

irc.cacert.org

Common Name	irc.cacert.org
Owner	irc-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/irc.html#keys-and-x-509-certificates

issue.cacert.org

Common Name	issue.cacert.org
Owner	issue-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/issue.html#keys-and-x-509-certificates

jenkins.cacert.org

Common Name	jenkins.cacert.org
Owner	web-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/web.html#keys-and-x-509-certificates

lists.cacert.org

Common Name	lists.cacert.org
Owner	email-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/lists.html#keys-and-x-509-certificates

monitor.cacert.org

Common Name	monitor.cacert.org
Owner	monitor-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/monitor.html#keys-and-x-509-certificates

ocsp.cacert.org

Common Name	ocsp.cacert.org
Owner	critical-admin@cacert.org
Reference	https://infradocs.cacert.org/critical/ocsp.html#keys-and-x-509-certificates

Common Name	ocsp.cacert.org class1 OCSP signing
Owner	critical-admin@cacert.org
Reference	https://infradocs.cacert.org/critical/ocsp.html#keys-and-x-509-certificates

Common Name	ocsp.cacert.org class3 OCSP signing
Owner	critical-admin@cacert.org
Reference	https://infradocs.cacert.org/critical/ocsp.html#keys-and-x-509-certificates

svn.cacert.org

Common Name	svn.cacert.org
Owner	svn-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/svn.html#keys-and-x-509-certificates

translations.cacert.org

Common Name	translations.cacert.org
Owner	translations-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/translations.html#keys-and-x-509-certificates

wiki.cacert.org

Common Name	wiki.cacert.org
Owner	wiki-admin@cacert.org
Reference	https://infradocs.cacert.org/systems/wiki.html#keys-and-x-509-certificates

www.cacert.org

Common Name	www.cacert.org
Owner	critical-admin@cacert.org
Reference	https://infradocs.cacert.org/critical/webdb.html#keys-and-x-509-certificates

Comments

CategorySystems

SystemAdministration/CertificateList (last edited 2022-01-18 20:24:59 by JanDittberner)