spk-blog update web-client certs

diff --git a/customer/spk-blog/insideforum-spk-de.pixelpark.net.yaml b/customer/spk-blog/insideforum-spk-de.pixelpark.net.yaml
index ac73ae690d9e19e4952e50cdc943d03f9984b838..280fea27315e96f286625b8285247dd0cefa4a53 100644 (file)
--- a/customer/spk-blog/insideforum-spk-de.pixelpark.net.yaml
+++ b/customer/spk-blog/insideforum-spk-de.pixelpark.net.yaml
@@ -51,18 +51,19 @@ infra::profile::wordpress::projects:
     ssl_cert: '/etc/pki/tls/certs/sparkasseblog.de-cert.pem'
     ssl_key: '/etc/pki/tls/private/sparkasseblog.de-key.pem'
     ssl_chain: '/etc/pki/tls/certs/sparkasseblog.de-cert.pem'
-#    ssl_verify_client: optional
-#    ssl_crl: '/etc/pki/tls/certs/d-trust_ca_2-1_2015.crl'
-#    ssl_ca: '/etc/pki/tls/certs/spk-root-ca.pem'
+    ssl_verify_client: optional
+    ssl_crl: '/etc/pki/tls/certs/d-trust_ca_2-1_2015.crl'
+    ssl_ca: '/etc/pki/tls/certs/D-TRUST_CA_2-1_2015.pem'
 
     directories:
     setenvif:
       - "HTTPS on HTTPS=on"
 
-#infra::profile::cron::cronjobs:
-#  fetchcrl:
-#    user: root
-#    command: 'wget ... && systemctl reload httpd'
-#    minute: 0
-#    hour: 5
-#    description: um 05:00 Uhr wird die Revocationlist geholt. somit muss der Webserver reloaded werden
\ No newline at end of file
+infra::profile::cron::cronjobs:
+  fetchcrl:
+    ensure: 'present'
+    user: root
+    command: 'wget -q --output-document=/etc/pki/tls/certs/d-trust_ca_2-1_2015.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl && systemctl reload httpd'
+    minute: 0
+    hour: 5
+    description: um 05:00 Uhr wird die Revocationlist geholt. somit muss der Webserver reloaded werden
\ No newline at end of file