Maintenance will be performed on git.ligo.org, chat.ligo.org, containers.ligo.org, and docs.ligo.org on the morning of Tuesday 11th August 2020, starting at approximately 9am PDT. It is expected to take around 20 minutes and there will be a short period of downtime (less than five minutes) towards the end of the maintenance window. Please direct any comments, questions, or concerns to computing-help@ligo.org.

Commit 554c0bf8 authored by GraceDB's avatar GraceDB

Add certificates and SWITCH repo key

parent 79c9cdf4
......@@ -4,9 +4,12 @@ LABEL name="LIGO GraceDB Django application" \
date="20181206"
ARG SETTINGS_MODULE="config.settings.container.dev"
COPY docker/SWITCHaai-swdistrib.gpg /etc/apt/trusted.gpg.d
RUN echo 'deb http://pkg.switch.ch/switchaai/debian stretch main' > /etc/apt/sources.list.d/shibboleth.list
RUN curl -sL https://deb.nodesource.com/setup_8.x | bash -
RUN apt-get update
RUN apt-get install --no-install-recommends --assume-yes \
# the previous command executes apt-get update; if it is removed
# one must add RUN apt-get update
RUN apt-get install --install-recommends --assume-yes \
apache2 \
gcc \
git \
......@@ -34,6 +37,9 @@ RUN apt-get install --no-install-recommends --assume-yes \
COPY docker/supervisord.conf /etc/supervisor/supervisord.conf
COPY docker/supervisord-apache2.conf /etc/supervisor/conf.d/apache2.conf
COPY docker/apache-config /etc/apache2/sites-available/gracedb.conf
COPY docker/login.ligo.org.cert.LIGOCA.pem /etc/shibboleth/login.ligo.org.cert.LIGOCA.pem
COPY docker/inc-md-cert.pem /etc/shibboleth/inc-md-cert.pem
RUN a2dissite 000-default.conf && \
a2ensite gracedb.conf && \
a2enmod headers proxy proxy_http rewrite xsendfile
......
-----BEGIN CERTIFICATE-----
MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9u
IEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1
WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21t
b24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNp
Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+
dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSp
g4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQK
CNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq
/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcA
TPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0mo
C1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2V
WOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWq
Dh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBcl
AGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLE
CQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8C
GzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 40 (0x28)
Signature Algorithm: sha1WithRSAEncryption
Issuer: DC=org, DC=ligo, O=LIGO, OU=Certificate Authorities, OU=Web Services, CN=LIGO CA 1
Validity
Not Before: Dec 20 19:42:07 2010 GMT
Not After : Dec 19 19:42:07 2020 GMT
Subject: DC=org, DC=ligo, O=LIGO, OU=Web Services, CN=login.ligo.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:dc:4c:a7:a0:cd:c3:7e:af:94:57:cc:c6:e7:fe:
3d:0b:e2:28:f2:b6:39:fd:0e:46:d8:a9:4a:39:8e:
bb:f3:47:e1:3b:0d:4b:a4:9c:72:a8:16:29:d9:ba:
ef:75:71:8d:4b:36:b2:68:0e:94:b8:20:dc:b1:d3:
3c:f4:a5:c5:f4:76:1c:f1:59:34:7d:5a:cc:14:41:
89:7a:e3:27:8e:4f:7c:d1:e8:a2:52:d0:4e:a0:97:
6d:46:bf:7b:44:99:40:1a:5f:3d:40:1b:54:a7:27:
f4:38:cb:f0:e4:b7:9d:d2:28:b6:3b:b3:ce:f5:ba:
fb:e8:3e:16:62:0f:c3:de:da:f5:a7:b3:29:85:7a:
de:74:00:4d:37:76:71:d5:6c:ed:fb:15:5f:ad:50:
da:25:28:d8:cf:f1:b0:5a:9b:e2:82:72:32:42:fe:
36:84:b4:de:7f:67:14:45:c1:7e:e3:2b:5c:0c:ae:
bb:36:1f:b3:01:03:df:8a:8c:10:36:ea:2a:2c:54:
f0:fd:6b:13:20:f7:20:aa:35:c8:bf:6b:5b:7a:ca:
31:be:b1:5f:1d:13:c5:5c:7d:ab:1b:e7:c3:a1:9b:
1b:74:75:8e:cf:ec:61:c3:95:84:2f:23:0e:35:76:
ef:ef:bc:d6:ab:30:3d:c2:de:1d:21:ec:f1:43:2c:
24:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.32070.2.1.2.1
X509v3 CRL Distribution Points:
URI:http://ca.ligo.org/541404c3/541404c3.crl
X509v3 Authority Key Identifier:
keyid:52:6E:DD:7B:AA:6F:85:5C:08:22:D3:97:9F:AD:7F:23:56:1E:6A:D1
X509v3 Subject Alternative Name:
DNS:login.ligo.org:scott.koranda@ligo.org
Signature Algorithm: sha1WithRSAEncryption
1e:4b:cb:44:4c:35:7e:0b:19:85:07:b2:82:10:50:04:84:80:
c2:84:8d:ab:0d:5c:fb:b8:68:c6:0d:b9:83:a4:02:be:8e:0a:
4b:e6:da:45:f2:19:d0:69:da:d0:c5:e7:30:46:03:05:43:e1:
84:94:92:f9:03:d0:dd:31:ec:18:ad:c9:77:3a:14:8e:12:9f:
2a:ab:1a:5f:8a:eb:3d:ac:9d:c8:ce:74:e2:72:0c:de:1c:6d:
54:67:2d:b9:c9:ac:4d:c1:96:1c:00:92:ac:89:d9:81:c8:83:
9a:73:75:14:91:cf:9b:4f:bf:a3:41:2e:36:42:e6:ec:11:bc:
5c:07:0c:43:ad:bb:9e:fa:b4:1d:0f:d5:f9:00:70:78:e4:be:
dc:3d:84:fe:fa:17:43:c1:d6:01:7e:8f:0b:b7:9a:08:ff:0c:
be:cf:d0:cd:a4:1e:77:b9:86:80:e2:b1:e2:1c:9a:68:97:a3:
96:06:06:59:19:ad:ca:17:8f:50:f1:44:fa:69:bf:04:06:9b:
f3:2c:24:75:c4:79:69:9a:dc:be:3e:25:8e:83:a6:b8:75:91:
9b:86:5f:85:9b:ae:d9:1d:07:97:ec:b1:08:51:93:53:7a:f1:
64:e3:5d:a1:73:e1:95:42:e2:b2:38:7b:d5:56:f4:f2:15:84:
d9:e8:72:98
-----BEGIN CERTIFICATE-----
MIIEVzCCAz+gAwIBAgIBKDANBgkqhkiG9w0BAQUFADCBhzETMBEGCgmSJomT8ixk
ARkWA29yZzEUMBIGCgmSJomT8ixkARkWBGxpZ28xDTALBgNVBAoTBExJR08xIDAe
BgNVBAsTF0NlcnRpZmljYXRlIEF1dGhvcml0aWVzMRUwEwYDVQQLEwxXZWIgU2Vy
dmljZXMxEjAQBgNVBAMTCUxJR08gQ0EgMTAeFw0xMDEyMjAxOTQyMDdaFw0yMDEy
MTkxOTQyMDdaMGoxEzARBgoJkiaJk/IsZAEZFgNvcmcxFDASBgoJkiaJk/IsZAEZ
FgRsaWdvMQ0wCwYDVQQKEwRMSUdPMRUwEwYDVQQLEwxXZWIgU2VydmljZXMxFzAV
BgNVBAMTDmxvZ2luLmxpZ28ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3EynoM3Dfq+UV8zG5/49C+Io8rY5/Q5G2KlKOY6780fhOw1LpJxyqBYp
2brvdXGNSzayaA6UuCDcsdM89KXF9HYc8Vk0fVrMFEGJeuMnjk980eiiUtBOoJdt
Rr97RJlAGl89QBtUpyf0OMvw5Led0ii2O7PO9br76D4WYg/D3tr1p7MphXredABN
N3Zx1Wzt+xVfrVDaJSjYz/GwWpvignIyQv42hLTef2cURcF+4ytcDK67Nh+zAQPf
iowQNuoqLFTw/WsTIPcgqjXIv2tbesoxvrFfHRPFXH2rG+fDoZsbdHWOz+xhw5WE
LyMONXbv77zWqzA9wt4dIezxQywkxQIDAQABo4HpMIHmMAwGA1UdEwEB/wQCMAAw
DgYDVR0PAQH/BAQDAgSwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAZ
BgNVHSAEEjAQMA4GDCsGAQQBgfpGAgECATA5BgNVHR8EMjAwMC6gLKAqhihodHRw
Oi8vY2EubGlnby5vcmcvNTQxNDA0YzMvNTQxNDA0YzMuY3JsMB8GA1UdIwQYMBaA
FFJu3Xuqb4VcCCLTl5+tfyNWHmrRMDAGA1UdEQQpMCeCJWxvZ2luLmxpZ28ub3Jn
OnNjb3R0LmtvcmFuZGFAbGlnby5vcmcwDQYJKoZIhvcNAQEFBQADggEBAB5Ly0RM
NX4LGYUHsoIQUASEgMKEjasNXPu4aMYNuYOkAr6OCkvm2kXyGdBp2tDF5zBGAwVD
4YSUkvkD0N0x7BityXc6FI4SnyqrGl+K6z2sncjOdOJyDN4cbVRnLbnJrE3BlhwA
kqyJ2YHIg5pzdRSRz5tPv6NBLjZC5uwRvFwHDEOtu576tB0P1fkAcHjkvtw9hP76
F0PB1gF+jwu3mgj/DL7P0M2kHne5hoDiseIcmmiXo5YGBlkZrcoXj1DxRPppvwQG
m/MsJHXEeWma3L4+JY6Dprh1kZuGX4WbrtkdB5fssQhRk1N68WTjXaFz4ZVC4rI4
e9VW9PIVhNnocpg=
-----END CERTIFICATE-----
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment