4068
Comment:
|
4801
|
Deleted text. | Added text. |
Line 1: | Line 1: |
= Liste Des Sites et Services Utilisant Le Certificat Gandi = | = Liste des sites et services utilisant le certificat Gandi = |
Line 3: | Line 3: |
||Serveur||VirtualHost Apache||Observations||Heartbleed <<FootNote(clée changée avril 2014 ? <<BR>> voir les annonces: https://www.gandi.net/news/en/2014-04-08/1398-openssl_heartbleed_issue/?lang=fr) -- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 -- http://heartbleed.com/)>> || ||listes.auf.org|| /etc/apache2/sites-enabled/mailman|| || (./) || ||<|8>new-diogene.auf.org|| /etc/apache2/sites-enabled/000-default|| || (./) || ||/etc/apache2/sites-enabled/10-ressources-humaines.auf.org|| || (./) || |
||Serveur||VirtualHost Apache||Observations||Heartbleed <<FootNote(Clé changée en avril 2014 ? <<BR>> Voir [[https://www.gandi.net/news/en/2014-04-08/1398-openssl_heartbleed_issue/?lang=fr|l'annonce Gandi]], [[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160|le CVE]] et le site de test http://heartbleed.com/)>> || ||<|7>new-diogene.auf.org|| /etc/apache2/sites-enabled/000-default|| || (./) || |
Line 8: | Line 6: |
||/etc/apache2/sites-enabled/22-ag2013.auf.org|| || (./) || ||/etc/apache2/sites-enabled/23-rh-evaluation.auf.org|| || (./) || |
||/etc/apache2/sites-enabled/24-ifgu.auf.org|| || (./) || |
Line 13: | Line 10: |
||/etc/apache2/sites-enabled/28-psp.auf.org|| || (./) || | |
Line 15: | Line 13: |
= Liste des sites et services migrés vers Let's Encrypt (certbot) = ||Serveur||VirtualHost Apache||Observations||Heartbleed|| ||annuaire.auf.org|| etc/apache2/sites-available/00-annuaire.auf.org|| || (./) || ||redmine.auf.org|| /etc/apache2/sites-enabled/redmine.auf.org|| || (./) || ||wiki.auf.org|| /etc/apache2/sites-enabled/00-wiki|| || (./) || |
|
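Review bot: In the Let's Encrypt table, the annuaire.auf.org row gives its VirtualHost as `etc/apache2/sites-available/00-annuaire.auf.org`, a relative path under sites-available, while the other rows in this hunk use absolute paths under /etc/apache2/sites-enabled/. If the leading slash was dropped by accident, restore it; if the site really is tracked from sites-available, note that in the Observations column so a reader auditing certificate coverage does not assume the vhost is enabled.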
Line 20: | Line 26: |
||<|2>vmphp.auf.org|| /etc/apache2/sites-enabled/001-default-ssl|| || (./) || ||/etc/apache2/sites-enabled/sondages.auf.org-ssl|| || (./) || ||<|2>pypi.auf.org|| /etc/apache2/sites-enabled/01-pypi.auf.org|| || (./) || ||/etc/apache2/sites-enabled/03-references.auf.org|| || (./) || ||<|5>coda.auf.org|| /etc/apache2/sites-enabled/coda.auf.org-ssl|| || (./) || ||/etc/apache2/sites-enabled/coda2.auf.org-ssl|| || (./) || ||/etc/apache2/sites-enabled/coda3.auf.org-ssl|| || (./) || ||/etc/apache2/sites-enabled/form-coda.auf.org-ssl|| || (./) || ||/etc/apache2/sites-enabled/test-coda.auf.org-ssl|| || (./) || ||assistance-informatique.auf.org|| /etc/apache2/sites-enabled/00-jutda.auf.org.conf|| || (./) || ||listes.auf.org|| /etc/apache2/sites-enabled/mailman|| || (./) || ||id.auf.org|| /etc/apache2/sites-enabled/authentic2-ssl|| || (./) || ||intranet.auf.org|| /etc/apache2/sites-enabled/default-ssl|| || (./) || ||dev.sirh.auf.org|| /etc/apache2/sites-enabled/dev.sirh.auf.org-ssl|| || (./) || ||test.sirh.auf.org|| /etc/apache2/sites-enabled/test.sirh.auf.org-ssl|| || (./) || ||form-sirh.auf.org|| /etc/apache2/sites-enabled/form-sirh.auf.org-ssl|| || (./) || ||sirh.auf.org|| /etc/apache2/sites-enabled/sirh.auf.org-ssl|| || (./) || ||git.auf.org|| /etc/apache2/sites-enabled/01-git.auf.org|| || (./) || ||<|3>frontal.auf.org|| /etc/apache2/sites-enabled/000-default-ssl|| || (./) || ||/etc/apache2/sites-enabled/prima.auf.org|| || (./) || = Liste des sites et services décomissionnés = ||Serveur||VirtualHost Apache||Observations||Heartbleed|| ||webmail.ca.auf.org|| /etc/apache2/sites-enabled/default-ssl|| || (./) || ||redminebeta.auf.org|| /etc/apache2/sites-enabled/redminebeta.auf.org|| || (./) || ||igc.auf.org|| /etc/apache2/sites-enabled/frontal-ejbca|| || (./) || ||glpi.auf.org|| /etc/apache2/conf.d/glpi|| || (./) || ||nuage.auf.org|| /etc/apache2/sites-enabled/nuage.auf.org || || (./) || ||test-nuage.auf.org|| ||test-www.auf.org|| |
|
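Review bot: `<|3>frontal.auf.org` declares a three-row span, but in the visible lines only two VirtualHost rows (000-default-ssl and prima.auf.org) follow before the next heading, so the table will render misaligned; use `<|2>` or add the missing row. In the same hunk the heading spells "décomissionnés" (should be "décommissionnés"), and the test-nuage.auf.org and test-www.auf.org rows carry a single cell instead of the four columns of the header, which leaves their Heartbleed status unrecorded.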
Line 22: | Line 60: |
||jutda.auf.org|| /etc/apache2/sites-enabled/00-jutda.auf.org|| || (./) || ||igc.auf.org|| /etc/apache2/sites-enabled/frontal-ejbca|| || (./) || ||wiki.auf.org|| /etc/apache2/sites-enabled/00-wiki|| || (./) || ||redmine.auf.org|| /etc/apache2/sites-enabled/redmine.auf.org|| || (./) || ||redminebeta.auf.org|| /etc/apache2/sites-enabled/redminebeta.auf.org|| || (./) || ||webmail.ca.auf.org|| /etc/apache2/sites-enabled/default-ssl|| || (./) || ||<|3>frontal.auf.org|| /etc/apache2/sites-enabled/02-sogo.auf.org-ssl|| || (./) || ||/etc/apache2/sites-enabled/agendas.auf.org-ssl|| || (./) || ||/etc/apache2/sites-enabled/default-ssl|| || (./) || ||<|3>proxy.coda.auf.org||/etc/apache2/sites-enabled/coda.auf.org-ssl|| || (./) || ||/etc/apache2/sites-enabled/form-coda.auf.org-ssl|| || (./) || ||/etc/apache2/sites-enabled/test-coda.auf.org-ssl|| || (./) || ||id.auf.org|| /etc/apache2/sites-enabled/authentic2-ssl|| || (./) || ||<|3>intranet.auf.org|| /etc/apache2/sites-enabled/intranet.auf.org-ssl|| || (./) || ||/etc/apache2/intranet-proxy/templates/apache-site-ssl|| || (./) || ||/etc/apache2/intranet-proxy/apache-site-ssl|| || (./) || ||sirh.auf.org|| /etc/apache2/sites-enabled/sirh.auf.org-ssl|| || (./) || ||glpi.auf.org|| /etc/apache2/conf.d/glpi|| || (./) || ||nuage.auf.org|| /etc/apache2/sites-enabled/nuage.auf.org || || (./) || ||pypi.auf.org|| ||form-sirh.auf.org|| ||coda-fw.auf|| ||coda-www.auf|| ||test-www.auf.org|| ||test-nuage.auf.org|| ||vmphp.auf.org|| |
|
Line 49: | Line 61: |
== Ansible : playbook pour la copie des certificats == | = Ansible : playbook pour la copie des certificats Gandi = |
List of sites and services using the Gandi certificate
||Server||Apache VirtualHost||Observations||Heartbleed (1)||
||new-diogene.auf.org||/etc/apache2/sites-enabled/000-default|| || ||
||new-diogene.auf.org||/etc/apache2/sites-enabled/21-informatique.auf.org|| || ||
||new-diogene.auf.org||/etc/apache2/sites-enabled/24-ifgu.auf.org|| || ||
||new-diogene.auf.org||/etc/apache2/sites-enabled/25-sigma2.auf.org|| || ||
||new-diogene.auf.org||/etc/apache2/sites-enabled/26-cartographie.auf.org|| || ||
||new-diogene.auf.org||/etc/apache2/sites-enabled/27-csf-francophonie.auf.org|| || ||
||new-diogene.auf.org||/etc/apache2/sites-enabled/28-psp.auf.org|| || ||
||www.auf.org||/etc/apache2/sites-enabled/000-default|| || ||
||www.auf.org||/etc/apache2/sites-enabled/02-projets-p4.auf.org|| || ||
List of sites and services migrated to Let's Encrypt (certbot)
||Server||Apache VirtualHost||Observations||Heartbleed||
||annuaire.auf.org||etc/apache2/sites-available/00-annuaire.auf.org|| || ||
||redmine.auf.org||/etc/apache2/sites-enabled/redmine.auf.org|| || ||
||wiki.auf.org||/etc/apache2/sites-enabled/00-wiki|| || ||
||wcs.auf.org||/etc/apache2/sites-enabled/001-default-ssl|| || ||
||wcs.auf.org||/etc/apache2/sites-enabled/01-formulaires.auf.org|| || ||
||wcs.auf.org||/etc/apache2/sites-enabled/02-test-formulaires.auf.org|| || ||
||wcs.auf.org||/etc/apache2/sites-enabled/03-anciens-formulaires.auf.org|| || ||
||wcs.auf.org||/etc/apache2/sites-enabled/04-preprod-formulaires.auf.org|| || ||
||vmphp.auf.org||/etc/apache2/sites-enabled/001-default-ssl|| || ||
||vmphp.auf.org||/etc/apache2/sites-enabled/sondages.auf.org-ssl|| || ||
||pypi.auf.org||/etc/apache2/sites-enabled/01-pypi.auf.org|| || ||
||pypi.auf.org||/etc/apache2/sites-enabled/03-references.auf.org|| || ||
||coda.auf.org||/etc/apache2/sites-enabled/coda.auf.org-ssl|| || ||
||coda.auf.org||/etc/apache2/sites-enabled/coda2.auf.org-ssl|| || ||
||coda.auf.org||/etc/apache2/sites-enabled/coda3.auf.org-ssl|| || ||
||coda.auf.org||/etc/apache2/sites-enabled/form-coda.auf.org-ssl|| || ||
||coda.auf.org||/etc/apache2/sites-enabled/test-coda.auf.org-ssl|| || ||
||assistance-informatique.auf.org||/etc/apache2/sites-enabled/00-jutda.auf.org.conf|| || ||
||listes.auf.org||/etc/apache2/sites-enabled/mailman|| || ||
||id.auf.org||/etc/apache2/sites-enabled/authentic2-ssl|| || ||
||intranet.auf.org||/etc/apache2/sites-enabled/default-ssl|| || ||
||dev.sirh.auf.org||/etc/apache2/sites-enabled/dev.sirh.auf.org-ssl|| || ||
||test.sirh.auf.org||/etc/apache2/sites-enabled/test.sirh.auf.org-ssl|| || ||
||form-sirh.auf.org||/etc/apache2/sites-enabled/form-sirh.auf.org-ssl|| || ||
||sirh.auf.org||/etc/apache2/sites-enabled/sirh.auf.org-ssl|| || ||
||git.auf.org||/etc/apache2/sites-enabled/01-git.auf.org|| || ||
||frontal.auf.org||/etc/apache2/sites-enabled/000-default-ssl|| || ||
||frontal.auf.org||/etc/apache2/sites-enabled/prima.auf.org|| || ||
List of decommissioned sites and services
||Server||Apache VirtualHost||Observations||Heartbleed||
||webmail.ca.auf.org||/etc/apache2/sites-enabled/default-ssl|| || ||
||redminebeta.auf.org||/etc/apache2/sites-enabled/redminebeta.auf.org|| || ||
||igc.auf.org||/etc/apache2/sites-enabled/frontal-ejbca|| || ||
||glpi.auf.org||/etc/apache2/conf.d/glpi|| || ||
||nuage.auf.org||/etc/apache2/sites-enabled/nuage.auf.org|| || ||
||test-nuage.auf.org|| || || ||
||test-www.auf.org|| || || ||
||preprod-web.ca.auf.org||/etc/apache2/sites-enabled/000-default-ssl|| || ||
||preprod-web.ca.auf.org||/etc/apache2/sites-enabled/17-clavardage.auf.org-ssl|| || ||
Ansible: playbook for copying the Gandi certificates
mnombre@u-nm:~/mes-outils/ansible$ cat playbook-certs-ssl.yml
---
- name: Déploiement certificat SSL *.auf.org
  hosts: certs-gandi-auforg
  become: True
  vars:
    ssl_cert_file: files/_.auf.org-cert.pem
    ssl_key_file: files/_.auf.org-key.pem
    ssl_ca_file: files/GandiStandardSSLCA.pem
  tasks:
    - name: Copie du fichier cert
      copy: src={{ ssl_cert_file }}/ dest=/etc/ssl/certs owner=root group=root mode=0444
    - name: Copie du fichier key
      copy: src={{ ssl_key_file }}/ dest=/etc/ssl/private owner=root group=root mode=0400
    - name: Copie du fichier CA
      copy: src={{ ssl_ca_file }}/ dest=/etc/ssl/certs owner=root group=root mode=0444
    - name: redémarrage du service Apache2
      service: name=apache2 state=restarted
mnombre@u-nm:~/mes-outils/ansible$ ansible-playbook -K playbook-certs-ssl.yml
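(1) Key changed in April 2014?
See the Gandi announcement (https://www.gandi.net/news/en/2014-04-08/1398-openssl_heartbleed_issue/?lang=fr), the CVE (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160) and the test site http://heartbleed.com/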