Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | LDAP: Rotate soon-to-be expired key material.HEADmaster | Guilhem Moulin | 2024-09-08 | 4 |
| | | | | | Also, switch from rsa4096 to ed25519 and use a separate key for each syncrepl. | |||
* | levante: Adjust pinned key material and modules due to new hardware. | Guilhem Moulin | 2024-09-08 | 2 |
| | ||||
* | Use dedicated DKIM key for himmelkanten.se, vimmelkanten.se and ↵ | Guilhem Moulin | 2023-10-22 | 3 |
| | | | | hemskaklubben.se. | |||
* | Use dedicated DKIM key for dubre.me. | Guilhem Moulin | 2023-08-20 | 1 |
| | ||||
* | Use dedicated DKIM key for ljhms.se. | Guilhem Moulin | 2023-07-20 | 1 |
| | ||||
* | Use dedicated DKIM key for r0x.se. | Guilhem Moulin | 2022-12-13 | 1 |
| | ||||
* | Use dedicated DKIM key for guilhem.se. | Guilhem Moulin | 2022-10-11 | 1 |
| | ||||
* | Use dedicated DKIM key for gbg.cmsmarx.org. | Guilhem Moulin | 2021-02-13 | 1 |
| | ||||
* | typofix | Guilhem Moulin | 2021-01-24 | 1 |
| | ||||
* | Use dedicated DKIM key for jakmedlem.se. | Guilhem Moulin | 2021-01-24 | 1 |
| | ||||
* | certs/gencerts.sh: Don't hard-code the intermediate CA. | Guilhem Moulin | 2021-01-07 | 1 |
| | | | | | | Since mid December Let's Encrypt has been using /C=US/O=Let's Encrypt/CN=R3 (CAID #183267) instead of the old /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 (CAID #16418). | |||
* | Move bacula and munin master to new host levante from benjamin. | Guilhem Moulin | 2020-11-03 | 3 |
| | ||||
* | Use dedicated DKIM key for tevs.net. | Guilhem Moulin | 2020-10-01 | 1 |
| | ||||
* | Use dedicated DKIM key for hemdal.se. | Guilhem Moulin | 2020-05-22 | 1 |
| | ||||
* | Use dedicated DKIM key for guilhem.org. | Guilhem Moulin | 2020-04-22 | 1 |
| | ||||
* | Add dedicated DKIM key for lists.fripost.org. | Guilhem Moulin | 2020-04-22 | 1 |
| | | | | | | Instead of using the fallback key. That way messages from our lists have proper DMARC alignment (at least when envelope sender and From header are under domain lists.fripost.org). | |||
* | Add own DKIM key for debian.org address. | Guilhem Moulin | 2020-04-13 | 1 |
| | | | | | | | | | | | | Cf. https://lists.debian.org/debian-devel-announce/2020/04/msg00004.html . \o/ It's also fairly easy to deploy onto the Debian infrastucture: $ USERNAME="guilhem" $ SELECTOR="5d30c523ff3622ed454230a16a11ddf6.$USERNAME.user" $ printf "dkimPubKey: %s %s\n" "$SELECTOR" \ "$(openssl pkey -pubin -in "./certs/dkim/$SELECTOR:debian.org.pub" -outform DER | base64 -w0)" \ | gpg --clearsign | s-nail -r "USERNAME@debian.org" -s dkimPubKey changes@db.debian.org | |||
* | MSA: Open 465/TCP for Email Submission over TLS. | Guilhem Moulin | 2019-03-19 | 1 |
| | | | | See RFC 8314 sec. 3.3 "Cleartext Considered Obsolete". | |||
* | Add ssh-ed25519 hostkey for benjamin. | Guilhem Moulin | 2018-12-09 | 1 |
| | ||||
* | Remove trailing spaces. | Guilhem Moulin | 2018-12-05 | 1 |
| | ||||
* | DKIM: also include the "d=" tag in key filenames, not only the "s=" tag. | Guilhem Moulin | 2018-12-05 | 3 |
| | | | | | While the combination of "s=" tag (selector) & "d=" tag signing domain maps to a unique key, the selector alone doesn't necessarily. | |||
* | Upgrade DKIM keys to rsa2048, and allow for multiple keys. | Guilhem Moulin | 2018-12-04 | 3 |
| | ||||
* | gencerts: Also show the algorithm for SSH host keys. | Guilhem Moulin | 2018-12-03 | 1 |
| | ||||
* | Define new host "calima" serving Nextcloud. | Guilhem Moulin | 2018-12-03 | 5 |
| | ||||
* | ssh_known_hosts: also list ed25519 host (pub)keys. | Guilhem Moulin | 2018-12-03 | 1 |
| | ||||
* | certs/gencerts.sh: wibble | Guilhem Moulin | 2018-12-03 | 1 |
| | ||||
* | Rotate civett's IPsec's key. | Guilhem Moulin | 2017-05-29 | 2 |
| | ||||
* | Change civett's CNAME from civett.friprogramvarusyndikatet.se to ↵ | Guilhem Moulin | 2017-05-14 | 1 |
| | | | | civett.fripost.org | |||
* | HPKP: increase max-mage directive to 6 months from 1 hour. | Guilhem Moulin | 2016-09-18 | 1 |
| | ||||
* | gencerts: improve workning: s/pubkey/SPKI/ | Guilhem Moulin | 2016-09-18 | 1 |
| | ||||
* | Improve certs formatting. | Guilhem Moulin | 2016-07-12 | 1 |
| | ||||
* | gencerts: Print the SHA1 digests in hex not base64 format. | Guilhem Moulin | 2016-07-12 | 1 |
| | ||||
* | typo | Guilhem Moulin | 2016-07-12 | 1 |
| | ||||
* | typo | Guilhem Moulin | 2016-07-12 | 1 |
| | ||||
* | gencerts: make the SSHFPR output match the X509 ones. | Guilhem Moulin | 2016-07-12 | 1 |
| | ||||
* | gencerts: Include SAN for the website and webmail. | Guilhem Moulin | 2016-07-12 | 1 |
| | ||||
* | gencerts: base64-encode the SHA256 digests. | Guilhem Moulin | 2016-07-12 | 1 |
| | | | | Also, include the backup pins in the .asc. | |||
* | nginx: Don't hard-code the HPKP headers. | Guilhem Moulin | 2016-07-12 | 5 |
| | | | | | Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out. | |||
* | gencerts: exclude expired certs in the CRT queries. | Guilhem Moulin | 2016-07-10 | 1 |
| | ||||
* | Route all internal SMTP traffic through IPsec. | Guilhem Moulin | 2016-07-10 | 7 |
| | ||||
* | Change the pubkey extension from .pem to .pub. | Guilhem Moulin | 2016-07-10 | 9 |
| | ||||
* | typo | Guilhem Moulin | 2016-06-15 | 1 |
| | ||||
* | crt.sh: Replace SHA1 by SHA256 as SPKI digest to list certificates. | Guilhem Moulin | 2016-06-15 | 1 |
| | ||||
* | certs/public: fetch each cert's pubkey (SPKI), not the cert itself. | Guilhem Moulin | 2016-06-15 | 9 |
| | | | | To avoid new commits upon cert renewal. | |||
* | Renew cert for https://lists.fripost.org. | Guilhem Moulin | 2016-05-28 | 1 |
| | ||||
* | IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication. | Guilhem Moulin | 2016-05-24 | 6 |
| | | | | There is no need to bother with X.509 cruft here. | |||
* | Restore the public part of Bacula's data encryption master key. | Guilhem Moulin | 2016-05-23 | 1 |
| | | | | | | Which was incorrectly removed at commit 8cf4032ecec5b9f58d829e89f231179170432539 | |||
* | Remove CAcert certificates. | Guilhem Moulin | 2016-05-22 | 2 |
| | | | | | We're now using the Let's Encrypt CA for our public internet-facing services. | |||
* | gencerts: improve formatting. | Guilhem Moulin | 2016-05-22 | 1 |
| | ||||
* | Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec. | Guilhem Moulin | 2016-05-22 | 9 |
| |