Toolserver:Admin:Crypto

Various notes on TS crypto stuff.

SSL
We have a StartSSL certificate for. This is used for:


 * https://toolserver.org
 * https://nagios.toolserver.org
 * https://svn.toolserver.org
 * https://jira.toolserver.org
 * https://fisheye.toolserver.org
 * https://crowd.toolserver.org
 * https://fingerprints.toolserver.org
 * https://wiki.toolserver.org

This needs to be changed in the following places when the certificate is renewed:


 * Squid on the HA cluster,
 * Apache on 's   zone,
 * In ZWS's admin interface for the admin server

We also have a Toolserver root CA which is used to sign certificates for internal use. This can be found at.

SSH fingerprints
SSH fingerprints are stored in Puppet. We also store them in DNS, to allow DNSSEC-capable resolvers to authenticate keys, at https://fingerprints.toolserver.org/ for manual verification, and in  (also in Puppet) for internal use. All three locations need to be updated if you want to change a host key.

Category:Admin:Software