It's a CA certificate, a certificate issued by an authority (in this case WMF itself) that you could use to verify certs issued by it were valid.
Since it's expired it doesn't do anything useful but also shouldn't do any harm. It's there because it still gets installed in the "base" class (profile::base::certificates) in puppet. https://wikitech.wikimedia.org/wiki/HTTPS/WMF_CA On Tue, Dec 19, 2023 at 4:23 PM Roy Smith <r...@panix.com> wrote: > Poking around on my debian bookworm instance, I found > /usr/local/share/ca-certificates/wmf_ca_2017_2020.crt, which looks like an > expired SSL certificate: > > > Certificate: > > Data: > > Version: 3 (0x2) > > Serial Number: > > 9f:14:76:9e:ea:f4:18:c3 > > Signature Algorithm: sha256WithRSAEncryption > > Issuer: C = US, ST = California, L = San Francisco, O = > Wikimedia Foundation, OU = Operations, CN = WMF CA 2017-2020 > > Validity > > Not Before: Jul 19 20:43:26 2017 GMT > > Not After : Jul 18 20:43:26 2020 GMT > > Subject: C = US, ST = California, L = San Francisco, O = > Wikimedia Foundation, OU = Operations, CN = WMF CA 2017-2020 > > > > Does this do anything useful? Does it do any harm? > _______________________________________________ > Cloud mailing list -- cloud@lists.wikimedia.org > List information: > https://lists.wikimedia.org/postorius/lists/cloud.lists.wikimedia.org/ > -- Daniel Zahn <dz...@wikimedia.org> Site Reliability Engineer
_______________________________________________ Cloud mailing list -- cloud@lists.wikimedia.org List information: https://lists.wikimedia.org/postorius/lists/cloud.lists.wikimedia.org/
