From 27f49bc8692e4c9bb083b60f8d514aecbef43cb6 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Thu, 15 Jun 2017 15:27:03 +0000 Subject: [PATCH] Add missing cert checks Based on an audit of certs I currently have record of ordering, update the ssldomains list for our cert check to include everything I know (and can confirm) is in production. Drop security since it's rolled into the SubjectAltName set for the static.openstack.org cert now. Also remove groups-dev from the list as it's the only one using a snakeoil cert and we don't normally bother to check for expiration on those. Keep www on the list even though Infra doesn't manage that one, because its unanticipated expiration has impacted us in the past and having a bit of extra warning there can't hurt. Change-Id: I4a51d0cd15533a39d23e09735c9fda34398e957f --- modules/openstack_project/files/ssl_cert_check/ssldomains | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/openstack_project/files/ssl_cert_check/ssldomains b/modules/openstack_project/files/ssl_cert_check/ssldomains index 5b8134ca69..729365d5a8 100644 --- a/modules/openstack_project/files/ssl_cert_check/ssldomains +++ b/modules/openstack_project/files/ssl_cert_check/ssldomains @@ -3,14 +3,17 @@ developer.openstack.org 443 docs.openstack.org 443 ethercalc.openstack.org 443 etherpad.openstack.org 443 +firehose.openstack.org 8883 git.openstack.org 443 groups.openstack.org 443 -groups-dev.openstack.org 443 openstackid.org 443 openstackid-dev.openstack.org 443 +openstackid-resources.openstack.org 443 +refstack.openstack.org 443 review.openstack.org 443 -security.openstack.org 443 +static.openstack.org 443 storyboard.openstack.org 443 +translate.openstack.org 443 wiki.openstack.org 443 www.openstack.org 443 zuul.openstack.org 443