Commit 554c0bf8 authored by GraceDB's avatar GraceDB

Add certificates and SWITCH repo key

parent 79c9cdf4
......@@ -4,9 +4,12 @@ LABEL name="LIGO GraceDB Django application" \
date="20181206"
ARG SETTINGS_MODULE="config.settings.container.dev"
COPY docker/SWITCHaai-swdistrib.gpg /etc/apt/trusted.gpg.d
RUN echo 'deb http://pkg.switch.ch/switchaai/debian stretch main' > /etc/apt/sources.list.d/shibboleth.list
RUN curl -sL https://deb.nodesource.com/setup_8.x | bash -
RUN apt-get update
RUN apt-get install --no-install-recommends --assume-yes \
# the previous command executes apt-get update; if it is removed
# one must add RUN apt-get update
RUN apt-get install --install-recommends --assume-yes \
apache2 \
gcc \
git \
......@@ -34,6 +37,9 @@ RUN apt-get install --no-install-recommends --assume-yes \
COPY docker/supervisord.conf /etc/supervisor/supervisord.conf
COPY docker/supervisord-apache2.conf /etc/supervisor/conf.d/apache2.conf
COPY docker/apache-config /etc/apache2/sites-available/gracedb.conf
COPY docker/login.ligo.org.cert.LIGOCA.pem /etc/shibboleth/login.ligo.org.cert.LIGOCA.pem
COPY docker/inc-md-cert.pem /etc/shibboleth/inc-md-cert.pem
RUN a2dissite 000-default.conf && \
a2ensite gracedb.conf && \
a2enmod headers proxy proxy_http rewrite xsendfile
......
-----BEGIN CERTIFICATE-----
MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9u
IEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1
WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21t
b24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNp
Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+
dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSp
g4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQK
CNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq
/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcA
TPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0mo
C1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2V
WOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWq
Dh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBcl
AGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLE
CQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8C
GzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 40 (0x28)
Signature Algorithm: sha1WithRSAEncryption
Issuer: DC=org, DC=ligo, O=LIGO, OU=Certificate Authorities, OU=Web Services, CN=LIGO CA 1
Validity
Not Before: Dec 20 19:42:07 2010 GMT
Not After : Dec 19 19:42:07 2020 GMT
Subject: DC=org, DC=ligo, O=LIGO, OU=Web Services, CN=login.ligo.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:dc:4c:a7:a0:cd:c3:7e:af:94:57:cc:c6:e7:fe:
3d:0b:e2:28:f2:b6:39:fd:0e:46:d8:a9:4a:39:8e:
bb:f3:47:e1:3b:0d:4b:a4:9c:72:a8:16:29:d9:ba:
ef:75:71:8d:4b:36:b2:68:0e:94:b8:20:dc:b1:d3:
3c:f4:a5:c5:f4:76:1c:f1:59:34:7d:5a:cc:14:41:
89:7a:e3:27:8e:4f:7c:d1:e8:a2:52:d0:4e:a0:97:
6d:46:bf:7b:44:99:40:1a:5f:3d:40:1b:54:a7:27:
f4:38:cb:f0:e4:b7:9d:d2:28:b6:3b:b3:ce:f5:ba:
fb:e8:3e:16:62:0f:c3:de:da:f5:a7:b3:29:85:7a:
de:74:00:4d:37:76:71:d5:6c:ed:fb:15:5f:ad:50:
da:25:28:d8:cf:f1:b0:5a:9b:e2:82:72:32:42:fe:
36:84:b4:de:7f:67:14:45:c1:7e:e3:2b:5c:0c:ae:
bb:36:1f:b3:01:03:df:8a:8c:10:36:ea:2a:2c:54:
f0:fd:6b:13:20:f7:20:aa:35:c8:bf:6b:5b:7a:ca:
31:be:b1:5f:1d:13:c5:5c:7d:ab:1b:e7:c3:a1:9b:
1b:74:75:8e:cf:ec:61:c3:95:84:2f:23:0e:35:76:
ef:ef:bc:d6:ab:30:3d:c2:de:1d:21:ec:f1:43:2c:
24:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.32070.2.1.2.1
X509v3 CRL Distribution Points:
URI:http://ca.ligo.org/541404c3/541404c3.crl
X509v3 Authority Key Identifier:
keyid:52:6E:DD:7B:AA:6F:85:5C:08:22:D3:97:9F:AD:7F:23:56:1E:6A:D1
X509v3 Subject Alternative Name:
DNS:login.ligo.org:scott.koranda@ligo.org
Signature Algorithm: sha1WithRSAEncryption
1e:4b:cb:44:4c:35:7e:0b:19:85:07:b2:82:10:50:04:84:80:
c2:84:8d:ab:0d:5c:fb:b8:68:c6:0d:b9:83:a4:02:be:8e:0a:
4b:e6:da:45:f2:19:d0:69:da:d0:c5:e7:30:46:03:05:43:e1:
84:94:92:f9:03:d0:dd:31:ec:18:ad:c9:77:3a:14:8e:12:9f:
2a:ab:1a:5f:8a:eb:3d:ac:9d:c8:ce:74:e2:72:0c:de:1c:6d:
54:67:2d:b9:c9:ac:4d:c1:96:1c:00:92:ac:89:d9:81:c8:83:
9a:73:75:14:91:cf:9b:4f:bf:a3:41:2e:36:42:e6:ec:11:bc:
5c:07:0c:43:ad:bb:9e:fa:b4:1d:0f:d5:f9:00:70:78:e4:be:
dc:3d:84:fe:fa:17:43:c1:d6:01:7e:8f:0b:b7:9a:08:ff:0c:
be:cf:d0:cd:a4:1e:77:b9:86:80:e2:b1:e2:1c:9a:68:97:a3:
96:06:06:59:19:ad:ca:17:8f:50:f1:44:fa:69:bf:04:06:9b:
f3:2c:24:75:c4:79:69:9a:dc:be:3e:25:8e:83:a6:b8:75:91:
9b:86:5f:85:9b:ae:d9:1d:07:97:ec:b1:08:51:93:53:7a:f1:
64:e3:5d:a1:73:e1:95:42:e2:b2:38:7b:d5:56:f4:f2:15:84:
d9:e8:72:98
-----BEGIN CERTIFICATE-----
MIIEVzCCAz+gAwIBAgIBKDANBgkqhkiG9w0BAQUFADCBhzETMBEGCgmSJomT8ixk
ARkWA29yZzEUMBIGCgmSJomT8ixkARkWBGxpZ28xDTALBgNVBAoTBExJR08xIDAe
BgNVBAsTF0NlcnRpZmljYXRlIEF1dGhvcml0aWVzMRUwEwYDVQQLEwxXZWIgU2Vy
dmljZXMxEjAQBgNVBAMTCUxJR08gQ0EgMTAeFw0xMDEyMjAxOTQyMDdaFw0yMDEy
MTkxOTQyMDdaMGoxEzARBgoJkiaJk/IsZAEZFgNvcmcxFDASBgoJkiaJk/IsZAEZ
FgRsaWdvMQ0wCwYDVQQKEwRMSUdPMRUwEwYDVQQLEwxXZWIgU2VydmljZXMxFzAV
BgNVBAMTDmxvZ2luLmxpZ28ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3EynoM3Dfq+UV8zG5/49C+Io8rY5/Q5G2KlKOY6780fhOw1LpJxyqBYp
2brvdXGNSzayaA6UuCDcsdM89KXF9HYc8Vk0fVrMFEGJeuMnjk980eiiUtBOoJdt
Rr97RJlAGl89QBtUpyf0OMvw5Led0ii2O7PO9br76D4WYg/D3tr1p7MphXredABN
N3Zx1Wzt+xVfrVDaJSjYz/GwWpvignIyQv42hLTef2cURcF+4ytcDK67Nh+zAQPf
iowQNuoqLFTw/WsTIPcgqjXIv2tbesoxvrFfHRPFXH2rG+fDoZsbdHWOz+xhw5WE
LyMONXbv77zWqzA9wt4dIezxQywkxQIDAQABo4HpMIHmMAwGA1UdEwEB/wQCMAAw
DgYDVR0PAQH/BAQDAgSwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAZ
BgNVHSAEEjAQMA4GDCsGAQQBgfpGAgECATA5BgNVHR8EMjAwMC6gLKAqhihodHRw
Oi8vY2EubGlnby5vcmcvNTQxNDA0YzMvNTQxNDA0YzMuY3JsMB8GA1UdIwQYMBaA
FFJu3Xuqb4VcCCLTl5+tfyNWHmrRMDAGA1UdEQQpMCeCJWxvZ2luLmxpZ28ub3Jn
OnNjb3R0LmtvcmFuZGFAbGlnby5vcmcwDQYJKoZIhvcNAQEFBQADggEBAB5Ly0RM
NX4LGYUHsoIQUASEgMKEjasNXPu4aMYNuYOkAr6OCkvm2kXyGdBp2tDF5zBGAwVD
4YSUkvkD0N0x7BityXc6FI4SnyqrGl+K6z2sncjOdOJyDN4cbVRnLbnJrE3BlhwA
kqyJ2YHIg5pzdRSRz5tPv6NBLjZC5uwRvFwHDEOtu576tB0P1fkAcHjkvtw9hP76
F0PB1gF+jwu3mgj/DL7P0M2kHne5hoDiseIcmmiXo5YGBlkZrcoXj1DxRPppvwQG
m/MsJHXEeWma3L4+JY6Dprh1kZuGX4WbrtkdB5fssQhRk1N68WTjXaFz4ZVC4rI4
e9VW9PIVhNnocpg=
-----END CERTIFICATE-----
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment