Merge pull request #13884 from transcom/B-20796-mymove-cert-update
replace milmove api certs
deandreJones authored Oct 11, 2024
2 parents 0c22356 + a93cff1 commit 504cb83
Showing 7 changed files with 35 additions and 35 deletions.
4 changes: 2 additions & 2 deletions .envrc
@@ -207,9 +207,9 @@ export DEVLOCAL_AUTH=true
export DOD_CA_PACKAGE="${MYMOVE_DIR}/config/tls/milmove-cert-bundle.p7b"

# MyMove client certificate
# All of our DoD-signed certs are currently signed by DOD SW CA-66
# All of our DoD-signed certs are currently signed by DOD SW CA-75
# This cannot be changed unless our certs are all resigned
MOVE_MIL_DOD_CA_CERT=$(cat "${MYMOVE_DIR}"/config/tls/dod-sw-ca-66.pem)
MOVE_MIL_DOD_CA_CERT=$(cat "${MYMOVE_DIR}"/config/tls/dod-sw-ca-75.pem)
require MOVE_MIL_DOD_TLS_CERT "See 'DISABLE_AWS_VAULT_WRAPPER=1 AWS_REGION=us-gov-west-1 aws-vault exec transcom-gov-dev -- chamber read app-devlocal move_mil_dod_tls_cert'"
require MOVE_MIL_DOD_TLS_KEY "See 'DISABLE_AWS_VAULT_WRAPPER=1 AWS_REGION=us-gov-west-1 aws-vault exec transcom-gov-dev -- chamber read app-devlocal move_mil_dod_tls_key'"
export MOVE_MIL_DOD_CA_CERT
2 changes: 1 addition & 1 deletion Dockerfile
@@ -16,7 +16,7 @@ COPY bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem
COPY bin/milmove /bin/milmove

COPY config/tls/milmove-cert-bundle.p7b /config/tls/milmove-cert-bundle.p7b
COPY config/tls/dod-sw-ca-66.pem /config/tls/dod-sw-ca-66.pem
COPY config/tls/dod-sw-ca-75.pem /config/tls/dod-sw-ca-75.pem

COPY swagger/* /swagger/
COPY build /build
2 changes: 1 addition & 1 deletion Dockerfile.local
@@ -27,7 +27,7 @@ COPY --from=builder --chown=root:root /home/circleci/project/bin/rds-ca-2019-roo
COPY --from=builder --chown=root:root /home/circleci/project/bin/milmove /bin/milmove

COPY config/tls/milmove-cert-bundle.p7b /config/tls/milmove-cert-bundle.p7b
COPY config/tls/dod-sw-ca-66.pem /config/tls/dod-sw-ca-66.pem
COPY config/tls/dod-sw-ca-66.pem /config/tls/dod-sw-ca-75.pem

# While it's ok to have these certs copied locally, they should never be copied into Dockerfile.
COPY config/tls/devlocal-ca.key /config/tls/devlocal-ca.key
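Review bot: The replacement line still copies from `config/tls/dod-sw-ca-66.pem` and changes only the destination name, so this image ends up with the CA-66 certificate stored at `/config/tls/dod-sw-ca-75.pem` (reading the second of the two printed COPY lines as the new side, since the page lost its +/- markers). Anything in the container that loads that path as the CA-75 trust anchor would then verify certificates against the wrong issuer, which either rejects the newly issued certs or keeps trusting the old CA under a misleading name. The line should read `COPY config/tls/dod-sw-ca-75.pem /config/tls/dod-sw-ca-75.pem`, as the production Dockerfile in this commit does. Dockerfile.reviewapp carries the same mismatched line and needs the same fix.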
2 changes: 1 addition & 1 deletion Dockerfile.reviewapp
@@ -56,7 +56,7 @@ COPY migrations/app/secure /migrate/secure
COPY migrations/app/migrations_manifest.txt /migrate/migrations_manifest.txt

COPY config/tls/milmove-cert-bundle.p7b /config/tls/milmove-cert-bundle.p7b
COPY config/tls/dod-sw-ca-66.pem /config/tls/dod-sw-ca-66.pem
COPY config/tls/dod-sw-ca-66.pem /config/tls/dod-sw-ca-75.pem

# While it's ok to have these certs copied locally, they should never be copied into Dockerfile.
COPY config/tls/devlocal-ca.key /config/tls/devlocal-ca.key
2 changes: 1 addition & 1 deletion config/tls/README.md
@@ -19,7 +19,7 @@ A description of the certificates in this directory will helpful:
| `devlocal-faux-(air-force/all/army-hrc/coast-guard/marine-corps/navy)-orders.(cer/key)` | Certs signed by Devlocal CA for Orders API testing |
| `devlocal-https.(key/pem)` | a self-signed TLS cert/key pair |
| `devlocal-mtls.(cer/key)` | Certs signed by Devlocal CA for mTLS testing |
| `dod-sw-ca-66.pem` | DoD SW CA-66 package |
| `dod-sw-ca-75.pem` | DoD SW CA-75 package |
| `dod-wcf-intermediate-ca-1-.pem` | DoD WCF Intermediate CA 1 for allowing TLS connectivity to AWS services in the BCAP |
| `dod-wcf-root-ca-1-.pem` | DoD WCF Root CA 1 for allowing TLS connectivity to AWS services in the BCAP |
| `ECA_Root_CA_4.cer` | ECA Root CA4. Issuer of IdenTrust ECA Component S23 |
29 changes: 0 additions & 29 deletions config/tls/dod-sw-ca-54.pem

This file was deleted.

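--- /dev/null
+++ b/config/tls/dod-sw-ca-75.pem
@@ -0,0 +1,29 @@
+subject=C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-75
+issuer=C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIEjzCCA3egAwIBAgICBw0wDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
+EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjIxMjA2MTcxMzQ5WhcN
+MjgxMjA2MTcxMzQ5WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl
+cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E
+IFNXIENBLTc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnAPVJmc
+Tw1/cGRwEhvz4QrT3fo0fDuAsv0Q3zebDDAkR/E62jJgtKZ+bkrIJRRtcdGA5rKo
+/6VeAUj3/30zRTE2ND0it8Uy6/lfUpUmbn0GfBOExiOjAZ81nHvSwWxTpOlC5EaX
+jnd+AtjODlEDw/UwHsnsQUNj8/NJKJExMugQeyLn5jNPZvnof1rPLAk3SjvvwTxX
++kxWmyQyqQDNxIVKajLgBpETNemxFonDFjtwZj8O8Mew9VdS+3CTNZLzv9JjuYo8
+DI9DSapwHILyWQGQUE76DKoPy8Co9PS9cN6e2M5pWiTmtyx1XHXmpmSX7j3KUd3B
+9yXmMnHdend0YwIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW
+qvLczmbuRcAwHQYDVR0OBBYEFOhYrrNHrbtR3iANh/MV5Oo+vIs6MA4GA1UdDwEB
+/wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ
+YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud
+JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j
+cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o
+dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG
+CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC
+AQEAMgiAj14UkFscsZMJEeGsIW5t8MbNy9xbsvjCMpOqsAmcEHoloRuRNarPesoQ
+hykz0mHyaTmMUXsGjfN4oQ/gHLn+F1k3Z+OHxo+DnSPTzOTSUghKnKF5UUrPDq6J
+dIfLjWrPbLuPSKLxJlPqME1q962+ql+f5Mg5w9CeBi1ORJynkX/yz332sydCgQ3G
+kLz8YRyvZH5Jrdg6vDQr4qFMt2kmBUIWq7UDI/G1fmUI7Q7R7qsfnyHhqOdUNBNi
+is8yooe7hRBl0TaIiNCmItMFaTl7G38ZI8gL2prAGNHITpTjbaWrlC2CYCgtCoWo
+GmlNqlYB/qPgCvk50sSvxFL7dQ==
+-----END CERTIFICATE-----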
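Review bot: The file opens with two `subject=`/`issuer=` text lines ahead of the PEM block, and `.envrc` in this commit loads the whole file into `MOVE_MIL_DOD_CA_CERT` with `cat`, so every consumer of that variable has to tolerate text outside the BEGIN/END markers. Whether the previous CA file carried the same preamble is not visible here, so it is worth confirming the server still parses the value. The commit also records no provenance for this new trust anchor. A line in `config/tls/README.md` giving the download source and the SHA-256 fingerprint would let the next reviewer verify it, for example with `openssl x509 -in config/tls/dod-sw-ca-75.pem -noout -fingerprint -sha256 -enddate`.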
